MySQL Denial of Service Vulnerabilities (Sep 9, 2010)


MySQL is an open-source relational database which supports SQL. The database has a number of built-in SQL functions which are designed to help users with the task of querying and updating data. MySQL uses the MySQL protocol to communicate with clients over the network. By default, MySQL server listens for connections on TCP port 3306.

Two different denial-of-service vulnerabilities exist in MySQL server. The first vulnerability is due to an error while handling joins involving a table with a unique SET column. When one uses LIKE function to query specially joined tables, the LIKE function will fail. The second vulnerability is due to errors while performing comparisons in IN and CASE functions. Specifically, MySQL does not properly handle cases when one of the compared values is NULL. MySQL databases prior to version 5.1.49 are prone to these vulnerabilities.

A remote attacker can exploit these vulnerabilities by sending crafted queries to the target server. Successful exploitation would cause the database server to terminate abnormally, resulting in the denial-of-service condition. The impact of the vulnerabilities is mitigated by the requirement of a successful authentication.

SonicWALL has released multiple IPS signatures to detect and block specific exploitation attempts targeting these vulnerabilities. The signatures are listed below:

  • 5572 MySQL Unique SET Column Join DoS 1
  • 5573 MySQL Unique SET Column Join DoS 2
  • 5672 MySQL IN and CASE DoS 1
  • 5673 MySQL IN and CASE DoS 2
  • 5674 MySQL IN and CASE DoS 3
Security News
The SonicWall Capture Labs Threat Research Team gathers, analyzes and vets cross-vector threat information from the SonicWall Capture Threat network, consisting of global devices and resources, including more than 1 million security sensors in nearly 200 countries and territories. The research team identifies, analyzes, and mitigates critical vulnerabilities and malware daily through in-depth research, which drives protection for all SonicWall customers. In addition to safeguarding networks globally, the research team supports the larger threat intelligence community by releasing weekly deep technical analyses of the most critical threats to small businesses, providing critical knowledge that defenders need to protect their networks.