Exploits for MySQL

The tools exploit unpatched vulnerabilities in the database management system.

A number of exploits for vulnerabilities in the MySQL database management system (DBMS), versions 5.1.x and 5.5.x, have been published on Full Disclosure. The anonymous user, posting under the pseudonym ‘Kingcope’, also released several tools that exploit vulnerabilities in software products such as FreeSSHd, freeFTPd, IBM System Director and SSH Tectia.

Of the five exploits targeting MySQL, two allow a remote attacker to cause a denial of service and to check whether a user name exists. Successful exploitation with the other three requires an account in the database. In that case, a remote attacker could elevate privileges to DBA and execute arbitrary commands on the system.

Two exploits work on Windows, and three are for Linux-based systems. According to ‘Kingcope’, all the tools were tested with the latest versions of the MySQL packages in Debian Lenny, SUSE and openSUSE.

We encourage our readers to restrict access to MySQL to trusted hosts only.
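
One way to check this recommendation is to audit the `Host` column of `mysql.user` against the networks you trust. The script below is an added example, not part of the original post; the account rows and the trusted range are constructed sample data, and the function names are hypothetical.

```python
import ipaddress

LOCAL = {"localhost", "127.0.0.1", "::1"}

# Constructed sample: rows as returned by  SELECT user, host FROM mysql.user
ROWS = [("root", "localhost"), ("app", "10.20.0.15"), ("report", "10.20.%"),
        ("backup", "192.0.2.0/255.255.255.0"), ("legacy", "%"),
        ("web", "%.example.com")]
TRUSTED = ["10.20.0.0/16"]  # assumed trusted range, adjust to your network


def pattern_to_network(host):
    """Map a MySQL account Host value to an IP network, or None.

    Covers literal IPs, 'ip/netmask' and octet-aligned '%' patterns
    such as '10.20.%'; host names and other wildcards return None.
    """
    parts = host.split(".")
    if "/" not in host and parts[-1] == "%" and 1 < len(parts) <= 4:
        fixed = parts[:-1]
        host = ".".join(fixed + ["0"] * (4 - len(fixed))) + f"/{8 * len(fixed)}"
    try:
        return ipaddress.ip_network(host)
    except ValueError:
        return None


def audit_accounts(rows, trusted):
    """Return (user, host, reason) for accounts not limited to trusted hosts."""
    nets = [ipaddress.ip_network(t) for t in trusted]
    findings = []
    for user, host in rows:
        if host.lower() in LOCAL:
            continue  # local-only account
        if host == "%":
            findings.append((user, host, "any host may connect"))
            continue
        net = pattern_to_network(host)
        if net is None:
            findings.append((user, host, "name or wildcard pattern, review manually"))
        elif not any(net.version == t.version and net.subnet_of(t) for t in nets):
            findings.append((user, host, "outside trusted networks"))
    return findings


if __name__ == "__main__":
    for user, host, reason in audit_accounts(ROWS, TRUSTED):
        print(f"{user}@{host}: {reason}")
```

Accounts the audit flags still need a matching network control, such as a firewall rule or a restrictive `bind-address`, because account host patterns only take effect after a client has already reached the server.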