PT-2007-6858 · Oracle+1 · Mysql Server+1

Published

2007-11-10

Updated

2018-10-03

CVE-2007-5925

CVSS v2.0

4.0

Medium

Vector

AV:N/AC:L/Au:S/C:N/I:N/A:P

Name of the Vulnerable Software and Affected Versions MySQL versions 5.1.23-BK and earlier

Description The issue is related to the convert search mode to innobase function in ha innodb.cc in the InnoDB engine, which allows remote authenticated users to cause a denial of service, resulting in a database crash. This is achieved through a specific CONTAINS operation on an indexed column, triggering an assertion error.

Recommendations For MySQL versions 5.1.23-BK and earlier, consider restricting access to the InnoDB engine or limiting the use of CONTAINS operations on indexed columns until a fix is available. As a temporary workaround, avoid using the CONTAINS operation on indexed columns to minimize the risk of a database crash.

Exploit

Fix

DoS

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-20

Related Identifiers

CVE-2007-5925

DSA-1413-1

DTSA-91-1

RHSA-2007:1155

RHSA-2007:1157

RHSA-2007_1155

Affected Products

Mysql Server

Red Hat

PT-2007-6858 · Oracle+1 · Mysql Server+1

CVE-2007-5925

Weakness Enumeration

Related Identifiers

Affected Products

References · 34