Vigil@nce: MySQL, denial of service via ALTER DATABASE
June 2010 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/
SYNTHESIS OF THE VULNERABILITY
A local attacker with the ALTER DATABASE privilege on a database
can create a denial of service on all databases.
– Severity: 1/4
– Creation date: 29/06/2010
DESCRIPTION OF THE VULNERABILITY
Since MySQL 5.1, when the name of a database contains special
characters, they are encoded in Unicode. The following command is
used to migrate the directory of a database whose name contains a
special character:
ALTER DATABASE `#mysql50#my_base_with_a_special_character`
UPGRADE DATA DIRECTORY NAME;
For example, the "ABC-DEF" directory is renamed to "ABC@002dDEF".
However, special patterns, such as "." or "../" are not filtered.
The directory is then moved, which corrupts the MySQL installation.
A local attacker with the ALTER DATABASE privilege on a database
can therefore create a denial of service on all databases.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/MySQL-denial-of-service-via-ALTER-DATABASE-9733