Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

Re: DoS via tables corruption in WordPress
From: Aris Adamantiadis <aris () 0xbadc0de be>
Date: Tue, 11 Feb 2014 14:46:13 +0100


Le 11/02/14 09:34, Andrew Nacin a écrit :
Aris mentions he experienced corruption in his own WordPress setup. It's
most likely the options table simply crashed, not as a result of any
particular exploit. This is, after all, why MySQL has a REPAIR command
(and why we have a script for users to use).

This happened again last night. The mysql corruption was caused by an
OOM random kill (thanks linux) that chose mysql daemon as a victim. The
cause of the OOM was either wordpress or piwik, probably made possible
through apache misconfiguration (too many children). I have yet to
determine if that was an accident or an attack.

If Mustlive has any real and concrete information (URL, exploit code),
please share with us.

Aris



_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]