Bugtraq mailing list archives
FW: mysql: Trivial mSQL/MySQL DoS method? (fwd)
From: monty () MONTY PP SCI FI (Michael Widenius)
Date: Thu, 26 Mar 1998 23:41:43 +0200
Hi all, Just FYI, here is what was posted to the MySQL list from the MySQL author regarding the DoS attack. Scott -----FW: <199803262141.XAA10491 () monty pp sci fi>----- Date: Thu, 26 Mar 1998 23:41:43 +0200 Sender: owner-mysql () analytikerna se From: Michael Widenius <monty () monty pp sci fi> To: "Joel B. Stalder" <joel () uptimecomputers com> Subject: mysql: Trivial mSQL/MySQL DoS method? (fwd) Cc: mysql () tcx se This never was fatal (only VERY annoying) for MySQL 3.20 ! MySQL has a timeout of 30 seconds for each read from the client. This means that the 'hang' only lasts 30 seconds for MySQL. MySQL 3.21.26 and below has the same problem.
From the changelog of 3.21.27 (I am compiling a distribution just now):
* Changed connect timeout to 3 seconds to make it somewhat harder for crackers to kill mysqld trough telnet + TCP/IP. Yours, Monty < original fwd by Joel B. Stalder removed >
Current thread:
- Re: apache+ssl 1.13 symlink problem Ben Laurie (Mar 24)
- Re: apache+ssl 1.13 symlink problem; NcFTP 2.4.2+ Mike Gleason (Mar 24)
- Clarification Mike Gleason (Mar 24)
- Protocol Aleph One (Mar 24)
- SECURITY: new svgalib and kbd now available Erik Troan (Mar 25)
- Sumbit Internet Account v1.1 Dax Kelson (Mar 25)
- Majordomo /tmp exploit Karl G - NOC Admin (Mar 26)
- FW: mysql: Trivial mSQL/MySQL DoS method? (fwd) Michael Widenius (Mar 26)
- Re: Majordomo /tmp exploit Steven Pritchard (Mar 26)
- easy DoS in most RPC apps Peter van Dijk (Mar 28)
- Netscape passes mailbox path and message ID as refferer Rop Gonggrijp (Mar 28)
- Hole. HKirk (Mar 28)
- Rhino9: WinGate Vulnerability Aleph One (Mar 29)
- MySQL Security Sandu Mihai (Mar 29)
- Re: MySQL Security Aleph One (Mar 29)
- Eudora Pro 4.0 attachment/long filename problem whiz (Mar 29)
- mysql: MySQL Security Michael Widenius (Mar 29)
- wtmpx utility for solaris Ryan (Mar 30)
- Majordomo /tmp exploit Karl G - NOC Admin (Mar 26)