Ubuntu
mysql-dfsg-5.0 package

[mysql] DoS vulnerability in InnoDB engine

Bug #163811 reported by disabled.user on 2007-11-19

This bug report is a duplicate of: Bug #172260: [mysql] multiple vulnerabilities. Edit Remove

254

Affects		Status	Importance	Assigned to	Milestone
	mysql-dfsg-5.0 (Ubuntu)	New	Undecided	Unassigned

Bug Description

Binary package hint: mysql-server-5.0

References:
[1] http://www.gentoo.org/security/en/glsa/glsa-200711-25.xml
[2] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5925

Quoting [1]:
"Joe Gallo and Artem Russakovskii reported an error in the convert_search_mode_to_innobase() function in ha_innodb.cc in the InnoDB engine that is leading to a failed assertion when handling CONTAINS operations. [...] A remote authenticated attacker with ALTER privileges could send a specially crafted request to a vulnerable database server possibly leading to a Denial of Service."

Quoting [2]:
"The convert_search_mode_to_innobase function in ha_innodb.cc in the InnoDB engine in MySQL 5.1.23-BK and earlier allows remote authenticated users to cause a denial of service (database crash) via a certain CONTAINS operation on an indexed column, which triggers an assertion error."

CVE References

2007-5925

Revision history for this message

disabled.user (disabled.user-deactivatedaccount) wrote on 2007-11-27:

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.

Ubuntumysql-dfsg-5.0 package