Description: There is a flaw in the 'Server: Optimizer' component of MySQL Server related to the handling of 'ORDER BY' queries. By sending a specially crafted 'ORDER BY' query, an authenticated user can cause the MySQL Server daemon (mysqld) to hang and produce a potentially exploitable crash. The issue is exposed wherever applications that depend on the 'ORDER BY' clause (e.g. MySQL replication) are in use, and it can cause a Denial-of-Service condition for the application that relies on MySQL replication. CVSS 3.1 Base Score 5.5 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:H).

Tips for hardened installations

- You should have only one 'Server: Optimizer' configured.
- You should not set the optimizer_switch_mode to either 'innodb' or 'memcached'.
- Make sure you have the latest versions of MySQL, mysqld, and mysqldump.
- Make sure you have the latest versions of PHP and memcached.
- If you are not using an InnoDB storage engine, you should use the MySQL Workbench GUI to change the storage engine to MyISAM.

References:

- https://support.mysql.com/kb/en-us/299866
- CVE-2022-21479
- http://www.securityfocus.com/bid/94553

Vulnerability Symptoms and Behaviour

A vulnerability has been identified in the handling of 'ORDER BY' queries in MySQL Server: an authenticated user who sends a specially crafted 'ORDER BY' query can cause the server daemon (mysqld) to hang and produce a potentially exploitable crash. The issue is exposed wherever applications that depend on the 'ORDER BY' clause (e.g. MySQL replication) are in use; such applications may produce unexpected results or fail to operate properly once the condition is triggered.

Timeline

Published on: 04/19/2022 21:15:00 UTC
Last modified on: 05/02/2022 16:26:00 UTC