Launchpad.net

CVE 2007-5925

The convert_search_mode_to_innobase function in ha_innodb.cc in the InnoDB engine in MySQL 5.1.23-BK and earlier allows remote authenticated users to cause a denial of service (database crash) via a certain CONTAINS operation on an indexed column, which triggers an assertion error.

Related bugs and status

CVE-2007-5925 (Candidate) is related to these bugs:

Bug #163811: [mysql] DoS vulnerability in InnoDB engine

Summary				In	Importance	Status
	163811	[mysql] DoS vulnerability in InnoDB engine		mysql-dfsg-5.0 (Ubuntu)	Undecided	New

Bug #172260: [mysql] multiple vulnerabilities

		In	Importance	Status
172260	[mysql] multiple vulnerabilities	mysql-dfsg (Ubuntu)	Unknown	Invalid
172260	[mysql] multiple vulnerabilities	mysql-dfsg-5.0 (tuXlab)	Undecided	Invalid
172260	[mysql] multiple vulnerabilities	mysql-dfsg-4.1 (Ubuntu)	Undecided	Invalid
172260	[mysql] multiple vulnerabilities	mysql-dfsg-5.0 (Ubuntu)	Medium	Fix Released
172260	[mysql] multiple vulnerabilities	mysql-dfsg-5.1 (Ubuntu)	Undecided	Invalid
172260	[mysql] multiple vulnerabilities	mysql-dfsg (Ubuntu Dapper)	Undecided	Invalid
172260	[mysql] multiple vulnerabilities	mysql-dfsg-4.1 (Ubuntu Dapper)	Undecided	Invalid
172260	[mysql] multiple vulnerabilities	mysql-dfsg-5.0 (Ubuntu Dapper)	Medium	Fix Released
172260	[mysql] multiple vulnerabilities	mysql-dfsg-5.1 (Ubuntu Dapper)	Undecided	Invalid
172260	[mysql] multiple vulnerabilities	mysql-dfsg (Ubuntu Edgy)	Undecided	Won't Fix
172260	[mysql] multiple vulnerabilities	mysql-dfsg-4.1 (Ubuntu Edgy)	Undecided	Won't Fix
172260	[mysql] multiple vulnerabilities	mysql-dfsg-5.0 (Ubuntu Edgy)	Medium	Fix Released
172260	[mysql] multiple vulnerabilities	mysql-dfsg-5.1 (Ubuntu Edgy)	Undecided	Invalid
172260	[mysql] multiple vulnerabilities	mysql-dfsg (Ubuntu Feisty)	Undecided	Invalid
172260	[mysql] multiple vulnerabilities	mysql-dfsg-4.1 (Ubuntu Feisty)	Undecided	Invalid
172260	[mysql] multiple vulnerabilities	mysql-dfsg-5.0 (Ubuntu Feisty)	Medium	Fix Released
172260	[mysql] multiple vulnerabilities	mysql-dfsg-5.1 (Ubuntu Feisty)	Undecided	Invalid
172260	[mysql] multiple vulnerabilities	mysql-dfsg (Ubuntu Gutsy)	Undecided	Invalid
172260	[mysql] multiple vulnerabilities	mysql-dfsg-4.1 (Ubuntu Gutsy)	Undecided	Invalid
172260	[mysql] multiple vulnerabilities	mysql-dfsg-5.0 (Ubuntu Gutsy)	Medium	Fix Released
172260	[mysql] multiple vulnerabilities	mysql-dfsg-5.1 (Ubuntu Gutsy)	Undecided	Invalid
172260	[mysql] multiple vulnerabilities	mysql-dfsg (Ubuntu Hardy)	Unknown	Invalid
172260	[mysql] multiple vulnerabilities	mysql-dfsg-4.1 (Ubuntu Hardy)	Undecided	Invalid
172260	[mysql] multiple vulnerabilities	mysql-dfsg-5.0 (Ubuntu Hardy)	Medium	Fix Released
172260	[mysql] multiple vulnerabilities	mysql-dfsg-5.1 (Ubuntu Hardy)	Undecided	Invalid

Bug #937869: MySQL security update tracking bug

		In	Importance	Status
937869	MySQL security update tracking bug	mysql-5.1 (Ubuntu)	Undecided	Fix Released
937869	MySQL security update tracking bug	mysql-5.1 (Ubuntu Maverick)	Undecided	Fix Released
937869	MySQL security update tracking bug	mysql-5.1 (Ubuntu Natty)	Undecided	Fix Released
937869	MySQL security update tracking bug	mysql-5.1 (Ubuntu Oneiric)	Undecided	Fix Released
937869	MySQL security update tracking bug	mysql-dfsg-5.1 (Ubuntu)	Undecided	Fix Released
937869	MySQL security update tracking bug	mysql-dfsg-5.1 (Ubuntu Maverick)	Undecided	Invalid
937869	MySQL security update tracking bug	mysql-dfsg-5.1 (Ubuntu Natty)	Undecided	Invalid
937869	MySQL security update tracking bug	mysql-dfsg-5.1 (Ubuntu Oneiric)	Undecided	Invalid
937869	MySQL security update tracking bug	mysql-5.1 (Ubuntu Lucid)	Undecided	Invalid
937869	MySQL security update tracking bug	mysql-dfsg-5.1 (Ubuntu Lucid)	Undecided	Fix Released
937869	MySQL security update tracking bug	mysql-dfsg-5.0 (Ubuntu)	Undecided	Fix Released
937869	MySQL security update tracking bug	mysql-dfsg-5.0 (Ubuntu Lucid)	Undecided	Invalid
937869	MySQL security update tracking bug	mysql-dfsg-5.0 (Ubuntu Maverick)	Undecided	Invalid
937869	MySQL security update tracking bug	mysql-dfsg-5.0 (Ubuntu Natty)	Undecided	Invalid
937869	MySQL security update tracking bug	mysql-dfsg-5.0 (Ubuntu Oneiric)	Undecided	Invalid
937869	MySQL security update tracking bug	mysql-5.1 (Ubuntu Hardy)	Undecided	Invalid
937869	MySQL security update tracking bug	mysql-dfsg-5.0 (Ubuntu Hardy)	Undecided	Fix Released
937869	MySQL security update tracking bug	mysql-dfsg-5.1 (Ubuntu Hardy)	Undecided	Invalid

See the

CVE page on Mitre.org for more details.

References

FULLDISC: 20071106 MySQL 5.x DoS...
CONFIRM: http://bugs.mysql.com/...
BID: 26353
CONFIRM: http://bugs.gentoo.org...
GENTOO: GLSA-200711-25
SECUNIA: 27568
SECUNIA: 27649
SECTRACK: 1018978
DEBIAN: DSA-1413
SECUNIA: 27823
MANDRIVA: MDKSA-2007:243
SECUNIA: 28040
FEDORA: FEDORA-2007-4465
FEDORA: FEDORA-2007-4471
REDHAT: RHSA-2007:1155
REDHAT: RHSA-2007:1157
SECUNIA: 28025
SECUNIA: 28108
SECUNIA: 28099
SECUNIA: 28128
SUSE: SUSE-SR:2008:003
SECUNIA: 28838
VUPEN: ADV-2007-3903
SLACKWARE: SSA:2007-348-01
XF: mysql-hainnodb-dos(38284)
OVAL: oval:org.mitre.oval:de...
UBUNTU: USN-1397-1
UBUNTU: USN-559-1