Security Architecture, Endpoint/Device Security, Endpoint/Device Security, Security Strategy, Plan, Budget, Vulnerability Management, Incident Response, TDR, Endpoint/Device Security, Endpoint/Device Security, Endpoint/Device Security

FrSIRT finds flaws in MySQL

Share

Researchers at a French security organization have uncovered a number of security vulnerabilities in the MySQL database application, the open source software used to support many Web 2.0 applications.

FrSIRT, the French Security Incidence Response Team, reported Thursday that it has identified seven vulnerabilities in MySQL.

The flaws could be exploited by malicious users to obtain sensitive information or cause a DoS attack, according to FrSIRT.

The bugs affect MySQL versions prior to 5.1.23, according to FrSIRT's advisory.

Slavik Markovich, chief technology officer at Sentrigo, a database security firm, told SCMagazineUS.com on Thursday that such flaws are common in new database applications.

"Some of the attacks are pretty basic and show the immaturity of MySQL -- some simple bugs still exist in the code," he said. "We will see a lot more of those as the adoption of MySQL increases in the enterprise."

That researchers are finding a growing number of database flaws is no surprise, said independent consultant Rich Mogull.

"We've always had database vulnerabilities, just as with other software, but recently there's been more of a focus on databases,” he said. “That's because databases hold the most sensitive information. So if someone can get into the database, it gives them an opportunity to steal a lot of valuable information."

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.