| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <52FA29A5.1030703@0xbadc0de.be> Date: Tue, 11 Feb 2014 14:46:13 +0100 From: Aris Adamantiadis <aris@...adc0de.be> To: Andrew Nacin <nacin@...dpress.org>, MustLive <mustlive@...security.com.ua> Cc: full-disclosure@...ts.grok.org.uk Subject: Re: DoS via tables corruption in WordPress Le 11/02/14 09:34, Andrew Nacin a écrit : > Aris mentions he experienced corruption in his own WordPress setup. It's > most likely the options table simply crashed, not as a result of any > particular exploit. This is, after all, why MySQL has a REPAIR command > (and why we have a script for users to use). > This happened again last night. The mysql corruption was caused by an OOM random kill (thanks linux) that chose mysql daemon as a victim. The cause of the OOM was either wordpress or piwik, probably made possible through apache misconfiguration (too many children). I have yet to determine if that was an accident or an attack. If Mustlive has any real and concrete information (URL, exploit code), please share with us. Aris > > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ > _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists