FrSIRT, the French Security Incident Response Team, reported Thursday that it has identified seven vulnerabilities in MySQL.
The flaws could be exploited by malicious users to obtain sensitive information or cause a denial of service (DoS), according to FrSIRT.
The bugs affect MySQL versions prior to 5.1.23, according to FrSIRT's advisory.
Slavik Markovich, chief technology officer at Sentrigo, a database security firm, told SCMagazineUS.com on Thursday that such flaws are common in new database applications.
"Some of the attacks are pretty basic and show the immaturity of MySQL -- some simple bugs still exist in the code," he said. "We will see a lot more of those as the adoption of MySQL increases in the enterprise."
That researchers are finding a growing number of database flaws is no surprise, said independent consultant Rich Mogull.
"We've always had database vulnerabilities, just as with other software, but recently there's been more of a focus on databases," he said. "That's because databases hold the most sensitive information. So if someone can get into the database, it gives them an opportunity to steal a lot of valuable information."
See original article on scmagazineus.com
FrSIRT finds flaws in MySQL
By Jim Carr on Feb 18, 2008 9:52AM