Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

Re: DoS via tables corruption in WordPress

From: Aris Adamantiadis <aris () 0xbadc0de be>
Date: Tue, 11 Feb 2014 14:46:13 +0100

Le 11/02/14 09:34, Andrew Nacin a écrit :

Aris mentions he experienced corruption in his own WordPress setup. It's
most likely the options table simply crashed, not as a result of any
particular exploit. This is, after all, why MySQL has a REPAIR command
(and why we have a script for users to use).


This happened again last night. The mysql corruption was caused by an
OOM random kill (thanks linux) that chose mysql daemon as a victim. The
cause of the OOM was either wordpress or piwik, probably made possible
through apache misconfiguration (too many children). I have yet to
determine if that was an accident or an attack.

If Mustlive has any real and concrete information (URL, exploit code),
please share with us.

Aris




_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/



_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Previous By Date Next
Previous By Thread Next

Current thread: