what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 5 of 5 RSS Feed

CVE-2007-5925

Status Candidate

Overview

The convert_search_mode_to_innobase function in ha_innodb.cc in the InnoDB engine in MySQL 5.1.23-BK and earlier allows remote authenticated users to cause a denial of service (database crash) via a certain CONTAINS operation on an indexed column, which triggers an assertion error.

Related Files

Ubuntu Security Notice USN-1397-1
Posted Mar 12, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1397-1 - Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues. MySQL has been updated to 5.1.61 in Ubuntu 10.04 LTS, Ubuntu 10.10, Ubuntu 11.04 and Ubuntu 11.10. Ubuntu 8.04 LTS has been updated to MySQL 5.0.95. In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes. Various other issues were also addressed.

tags | advisory
systems | linux, ubuntu
advisories | CVE-2007-5925, CVE-2008-3963, CVE-2008-4098, CVE-2008-4456, CVE-2008-7247, CVE-2009-2446, CVE-2009-4019, CVE-2009-4030, CVE-2009-4484, CVE-2010-1621, CVE-2010-1626, CVE-2010-1848, CVE-2010-1849, CVE-2010-1850, CVE-2010-2008, CVE-2010-3677, CVE-2010-3678, CVE-2010-3679, CVE-2010-3680, CVE-2010-3681, CVE-2010-3682, CVE-2010-3683, CVE-2010-3833, CVE-2010-3834, CVE-2010-3835, CVE-2010-3836, CVE-2010-3837, CVE-2010-3838
SHA-256 | dda21a42a15ae22869f978d3746bb4b1626d8469bab9ce1b18636fb138cf0739
Ubuntu Security Notice 559-1
Posted Dec 24, 2007
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 559-1 - Joe Gallo and Artem Russakovskii discovered that the InnoDB engine in MySQL did not properly perform input validation. An authenticated user could use a crafted CONTAINS statement to cause a denial of service. It was discovered that under certain conditions MySQL could be made to overwrite system table information. An authenticated user could use a crafted RENAME statement to escalate privileges. Philip Stoev discovered that the the federated engine of MySQL did not properly handle responses with a small number of columns. An authenticated user could use a crafted response to a SHOW TABLE STATUS query and cause a denial of service. It was discovered that MySQL did not properly enforce access controls. An authenticated user could use a crafted CREATE TABLE LIKE statement to escalate privileges.

tags | advisory, denial of service
systems | linux, ubuntu
advisories | CVE-2007-3781, CVE-2007-5969, CVE-2007-5925, CVE-2007-6304
SHA-256 | ae30abbfc510aa1b5374607d3162c2ecded4d5bf712509d32e195be3b8105269
Mandriva Linux Security Advisory 2007.243
Posted Dec 11, 2007
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - A vulnerability in MySQL prior to 5.0.45 did not require privileges such as SELECT for the source table in a CREATE TABLE LIKE statement, allowing remote authenticated users to obtain sensitive information such as the table structure. A vulnerability in the InnoDB engine in MySQL allowed remote authenticated users to cause a denial of service (database crash) via certain CONTAINS operations on an indexed column, which triggered an assertion error. Using RENAME TABLE against a table with explicit DATA DIRECTORY and INDEX DIRECTORY options could be used to overwrite system table information by replacing the file to which a symlink pointed to.

tags | advisory, remote, denial of service
systems | linux, mandriva
advisories | CVE-2007-5925, CVE-2007-5969, CVE-2007-3781
SHA-256 | 4786ea98c0b6ab4c13f9ed6e23041aa58e952b5a5219846b12a6b0c4d8df2b83
Debian Linux Security Advisory 1413-1
Posted Nov 27, 2007
Authored by Debian | Site debian.org

Debian Security Advisory 1413-1 - Several vulnerabilities have been found in the MySQL database packages with implications ranging from unauthorized database modifications to remotely triggered server crashes.

tags | advisory, vulnerability
systems | linux, debian
advisories | CVE-2007-2583, CVE-2007-2691, CVE-2007-2692, CVE-2007-3780, CVE-2007-3782, CVE-2007-5925
SHA-256 | 3004a57524df98d6976c1c2e06fe87754fe4a48eaf25d9d14ca11b341229fb84
Gentoo Linux Security Advisory 200711-25
Posted Nov 26, 2007
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200711-25 - Joe Gallo and Artem Russakovskii reported an error in the convert_search_mode_to_innobase() function in ha_innodb.cc in the InnoDB engine that is leading to a failed assertion when handling CONTAINS operations. Versions less than 5.0.44-r2 are affected.

tags | advisory
systems | linux, gentoo
advisories | CVE-2007-5925
SHA-256 | 8a44317ed2cdce532a1bec6c0df6f1c71a2072e98aeacb643fe5635596e10b4b
Page 1 of 1
Back1Next

File Archive:

April 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Apr 1st
    10 Files
  • 2
    Apr 2nd
    26 Files
  • 3
    Apr 3rd
    40 Files
  • 4
    Apr 4th
    6 Files
  • 5
    Apr 5th
    26 Files
  • 6
    Apr 6th
    0 Files
  • 7
    Apr 7th
    0 Files
  • 8
    Apr 8th
    22 Files
  • 9
    Apr 9th
    14 Files
  • 10
    Apr 10th
    10 Files
  • 11
    Apr 11th
    13 Files
  • 12
    Apr 12th
    14 Files
  • 13
    Apr 13th
    0 Files
  • 14
    Apr 14th
    0 Files
  • 15
    Apr 15th
    0 Files
  • 16
    Apr 16th
    0 Files
  • 17
    Apr 17th
    0 Files
  • 18
    Apr 18th
    0 Files
  • 19
    Apr 19th
    0 Files
  • 20
    Apr 20th
    0 Files
  • 21
    Apr 21st
    0 Files
  • 22
    Apr 22nd
    0 Files
  • 23
    Apr 23rd
    0 Files
  • 24
    Apr 24th
    0 Files
  • 25
    Apr 25th
    0 Files
  • 26
    Apr 26th
    0 Files
  • 27
    Apr 27th
    0 Files
  • 28
    Apr 28th
    0 Files
  • 29
    Apr 29th
    0 Files
  • 30
    Apr 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close