exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 5 of 5 RSS Feed

CVE-2007-5925

Status Candidate

Overview

The convert_search_mode_to_innobase function in ha_innodb.cc in the InnoDB engine in MySQL 5.1.23-BK and earlier allows remote authenticated users to cause a denial of service (database crash) via a certain CONTAINS operation on an indexed column, which triggers an assertion error.

Related Files

Ubuntu Security Notice USN-1397-1
Posted Mar 12, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1397-1 - Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues. MySQL has been updated to 5.1.61 in Ubuntu 10.04 LTS, Ubuntu 10.10, Ubuntu 11.04 and Ubuntu 11.10. Ubuntu 8.04 LTS has been updated to MySQL 5.0.95. In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes. Various other issues were also addressed.

tags | advisory
systems | linux, ubuntu
advisories | CVE-2007-5925, CVE-2008-3963, CVE-2008-4098, CVE-2008-4456, CVE-2008-7247, CVE-2009-2446, CVE-2009-4019, CVE-2009-4030, CVE-2009-4484, CVE-2010-1621, CVE-2010-1626, CVE-2010-1848, CVE-2010-1849, CVE-2010-1850, CVE-2010-2008, CVE-2010-3677, CVE-2010-3678, CVE-2010-3679, CVE-2010-3680, CVE-2010-3681, CVE-2010-3682, CVE-2010-3683, CVE-2010-3833, CVE-2010-3834, CVE-2010-3835, CVE-2010-3836, CVE-2010-3837, CVE-2010-3838
SHA-256 | dda21a42a15ae22869f978d3746bb4b1626d8469bab9ce1b18636fb138cf0739
Ubuntu Security Notice 559-1
Posted Dec 24, 2007
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 559-1 - Joe Gallo and Artem Russakovskii discovered that the InnoDB engine in MySQL did not properly perform input validation. An authenticated user could use a crafted CONTAINS statement to cause a denial of service. It was discovered that under certain conditions MySQL could be made to overwrite system table information. An authenticated user could use a crafted RENAME statement to escalate privileges. Philip Stoev discovered that the the federated engine of MySQL did not properly handle responses with a small number of columns. An authenticated user could use a crafted response to a SHOW TABLE STATUS query and cause a denial of service. It was discovered that MySQL did not properly enforce access controls. An authenticated user could use a crafted CREATE TABLE LIKE statement to escalate privileges.

tags | advisory, denial of service
systems | linux, ubuntu
advisories | CVE-2007-3781, CVE-2007-5969, CVE-2007-5925, CVE-2007-6304
SHA-256 | ae30abbfc510aa1b5374607d3162c2ecded4d5bf712509d32e195be3b8105269
Mandriva Linux Security Advisory 2007.243
Posted Dec 11, 2007
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - A vulnerability in MySQL prior to 5.0.45 did not require privileges such as SELECT for the source table in a CREATE TABLE LIKE statement, allowing remote authenticated users to obtain sensitive information such as the table structure. A vulnerability in the InnoDB engine in MySQL allowed remote authenticated users to cause a denial of service (database crash) via certain CONTAINS operations on an indexed column, which triggered an assertion error. Using RENAME TABLE against a table with explicit DATA DIRECTORY and INDEX DIRECTORY options could be used to overwrite system table information by replacing the file to which a symlink pointed to.

tags | advisory, remote, denial of service
systems | linux, mandriva
advisories | CVE-2007-5925, CVE-2007-5969, CVE-2007-3781
SHA-256 | 4786ea98c0b6ab4c13f9ed6e23041aa58e952b5a5219846b12a6b0c4d8df2b83
Debian Linux Security Advisory 1413-1
Posted Nov 27, 2007
Authored by Debian | Site debian.org

Debian Security Advisory 1413-1 - Several vulnerabilities have been found in the MySQL database packages with implications ranging from unauthorized database modifications to remotely triggered server crashes.

tags | advisory, vulnerability
systems | linux, debian
advisories | CVE-2007-2583, CVE-2007-2691, CVE-2007-2692, CVE-2007-3780, CVE-2007-3782, CVE-2007-5925
SHA-256 | 3004a57524df98d6976c1c2e06fe87754fe4a48eaf25d9d14ca11b341229fb84
Gentoo Linux Security Advisory 200711-25
Posted Nov 26, 2007
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200711-25 - Joe Gallo and Artem Russakovskii reported an error in the convert_search_mode_to_innobase() function in ha_innodb.cc in the InnoDB engine that is leading to a failed assertion when handling CONTAINS operations. Versions less than 5.0.44-r2 are affected.

tags | advisory
systems | linux, gentoo
advisories | CVE-2007-5925
SHA-256 | 8a44317ed2cdce532a1bec6c0df6f1c71a2072e98aeacb643fe5635596e10b4b
Page 1 of 1
Back1Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    8 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    18 Files
  • 19
    Nov 19th
    7 Files
  • 20
    Nov 20th
    13 Files
  • 21
    Nov 21st
    6 Files
  • 22
    Nov 22nd
    48 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    60 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    44 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close