FW: mysql: Trivial mSQL/MySQL DoS method? (fwd)

From: Michael Widenius (montyat_private)
Date: Thu Mar 26 1998 - 13:41:43 PST

Next message: Steven Pritchard: "Re: Majordomo /tmp exploit"

Previous message: SGI Security Coordinator: "pset Buffer Overrun Vulnerability"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hi all,

        Just FYI, here is what was posted to the MySQL list from the MySQL
author regarding the DoS attack.

Scott


-----FW: <199803262141.XAA10491at_private>-----

Date: Thu, 26 Mar 1998 23:41:43 +0200
Sender: owner-mysqlat_private
From: Michael Widenius <montyat_private>
To: "Joel B. Stalder" <joelat_private>
Subject: mysql: Trivial mSQL/MySQL DoS method? (fwd)
Cc: mysqlat_private


This never was fatal (only VERY annoying) for MySQL 3.20 !  MySQL has
a timeout of 30 seconds for each read from the client. This means
that the 'hang' only lasts 30 seconds for MySQL.
MySQL 3.21.26 and below has the same problem.

>From the changelog of 3.21.27 (I am compiling a distribution just now):

* Changed connect timeout to 3 seconds to make it somewhat harder
  for crackers to kill mysqld trough telnet + TCP/IP.

Yours,
Monty

< original fwd by Joel B. Stalder removed >

Next message: Steven Pritchard: "Re: Majordomo /tmp exploit"
Previous message: SGI Security Coordinator: "pset Buffer Overrun Vulnerability"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 13:47:16 PDT