People are sometimes contacting me and asking about bugs like this which provide a trivial way to crash MySQL to the user with basic privileges and asking me what to do.
My answer to them is - there is nothing new to it and they just sit should back and relax
Really - there are many ways to crash or otherwise made unavailable server with any MySQL version if you have access to it with normal privileges. We're constantly helping people to fix mistakes in the applications which make MySQL Server useless (though few of them cause crashes to be honest) so obviously it is even easier if you have intent.
In my opinion MySQL Security should be treated the following way - if you do not allow any access to MySQL Server you are reasonably secure. There were few attacks which did not require valid MySQL account and they have been normally treated …
[Read more]