Emdros MQL denial of service
| emdros-mql-dos (19273) |  Low Risk |
Description:
Emdros is vulnerable to a denial of service attack, caused by a memory leak in the MQL parser. A remote attacker could send extremely large MQL statements with syntax errors to the MQL program to consume all available resources and cause a denial of service.
Platforms Affected:
- Emdros, Emdros prior to 1.1.20
Remedy:
Upgrade to the latest version of Emdros (1.1.22 or later), available from the Emdros Web site. See References.
Consequences:
Denial of Service
References:
- Emdros Web site, Emdros - the database engine for analyzed or annotated text at http://emdros.org/.
- Sourceforge Advisory 116935, Malformed MQL can lead to DOS attack at http://sourceforge.net/tracker/index.php?func=detail&aid=1116935&group_id=37219&atid=419458.
- BID-12498: Ulrik Petersen Emdros Database Engine MQL Parsing Denial Of Service Vulnerability
- CVE-2005-0415: Multiple memory leaks in the MQL parser in Emdros before 1.1.22 allow remote attackers to cause a denial of service (memory consumption) via malformed MQL statements.
Reported:
Feb 09, 2005
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
For corrections or additions please email xforce@iss.net