
The latest version of MySQL can be downloaded together with a script that demonstrates the underlying vulnerability.

Oracle, which recently published patches for vulnerabilities in MySQL, mistakenly published PoC code for a denial-of-service vulnerability. Recall that in March of this year Oracle released update 5.5.22, which fixed a few vulnerabilities. The company did not disclose detailed information about the vulnerabilities, since they can be exploited in earlier versions of the application.

Security researcher Eric Romang found that newer versions of MySQL include the developer script mysql-test/suite/innodb/t/innodb_bug13510739.test, which, as part of an automated functional test, contains PoC code that crashes MySQL 5.5.21 and earlier versions. He then published it on Pastebin. Successful exploitation requires authentication and certain privileges.

Thus, the attempt to hide the details of the vulnerability achieved nothing, because an attacker could use the provided PoC code to develop functional exploits.