COMMAND

    mSQL/MySQL

SYSTEMS AFFECTED

    Systems running mSQL/MySQL

PROBLEM

    Mark Jeftovic found the following. This was tested on mSQL 1.0.16
    and MySQL 3.20.20 on Slackware 2.0.27, and MySQL additionally on
    FreeBSD 2.2.2-current, and it was confirmed with mSQL 2.0.1 under
    HPUX 10.20 and NetBSD 1.3. It seems that if one wants to bring a
    website that relies heavily on mSQL or MySQL to its knees, one can
    simply telnet to the port the server listens on (1112 for mSQL or
    3333 for MySQL) and then just sit there and forget about it.

    Nothing on the server will be able to query any of the databases.
    The admin shutdown or reload commands will hang, etc. As long as
    someone keeps the null connection open to the SQL server's port,
    the only way to resume database operations is to kill the parent
    process and restart the daemon. This seems to work regardless of
    what's in the acl files or tables. A site using mod_auth_msql or
    mod_auth_mysql would be especially inconvenienced.

SOLUTION

    This never was fatal (only VERY annoying) for MySQL 3.20. MySQL
    has a timeout of 30 seconds for each read from the client. This
    means that the 'hang' only lasts 30 seconds for MySQL. MySQL
    3.21.26 and below have the same problem. In 3.21.27 the connect
    timeout was changed to 3 seconds to make it somewhat harder for
    crackers to kill mysqld through telnet + TCP/IP.
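
    The effect of the read timeout described above, as an added example
    (not code from mSQL or MySQL): a toy sequential server on loopback,
    run once without a read timeout and once with one. The names serve
    and demo and the 0.3-second value are assumptions made for the demo.

```python
import socket
import threading
import time

def serve(listener, read_timeout, clients):
    """Sequential accept loop: one connection is handled at a time."""
    for _ in range(clients):
        conn, _ = listener.accept()
        with conn:
            # None blocks forever on a silent client; a number bounds the wait.
            conn.settimeout(read_timeout)
            try:
                data = conn.recv(64)
                if data:
                    conn.sendall(b"OK " + data)
            except OSError:
                pass  # timed-out or broken client: drop it, return to accept()

def demo(read_timeout, client_patience=1.0):
    """Return (reply, seconds waited) for a real client queued behind an idle one."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))  # loopback only, ephemeral port
    listener.listen(5)
    port = listener.getsockname()[1]
    worker = threading.Thread(target=serve, args=(listener, read_timeout, 2), daemon=True)
    worker.start()

    idle = socket.create_connection(("127.0.0.1", port))    # connects, never sends
    client = socket.create_connection(("127.0.0.1", port))  # legitimate query
    client.settimeout(client_patience)
    start = time.monotonic()
    client.sendall(b"ping")
    try:
        reply = client.recv(64)
    except socket.timeout:
        reply = None  # still stuck behind the idle connection
    waited = time.monotonic() - start

    idle.close()      # releases a server that has no timeout
    worker.join(2.0)
    client.close()
    listener.close()
    return reply, waited

if __name__ == "__main__":
    print("no read timeout:   ", demo(None))
    print("0.3 s read timeout:", demo(0.3))
```

    With a read timeout the queued client is delayed by at most that
    timeout per idle connection ahead of it, which is why the shorter
    connect timeout reduces the hang without removing it.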