GLSA
Advocate
Joined: 12 May 2004
Posts: 2663
|
 Posted: Tue May 08, 2007 5:26 pm Post subject: [ GLSA 200705-11 ] MySQL: Two Denial of Service vulnerabilit |
 |
|
Gentoo Linux Security Advisory
Title: MySQL: Two Denial of Service vulnerabilities (GLSA 200705-11)
Severity: normal
Exploitable: remote
Date: May 08, 2007
Bug(s): #170126, #171934
ID: 200705-11
Synopsis
Two Denial of Service vulnerabilities have been discovered in MySQL.
Background
MySQL is a popular multi-threaded, multi-user SQL server.
Affected Packages
Package: dev-db/mysql
Vulnerable: < 5.0.38
Unaffected: >= 5.0.38
Unaffected: < 5.0
Architectures: All supported architectures
Description
mu-b discovered a NULL pointer dereference in item_cmpfunc.cc when processing certain types of SQL requests. Sec Consult also discovered another NULL pointer dereference when sorting certain types of queries on the database metadata.
Impact
In both cases, a remote attacker could send a specially crafted SQL request to the server, possibly resulting in a server crash. Note that the attacker needs the ability to execute SELECT queries.
Workaround
There is no known workaround at this time.
Resolution
All MySQL users should upgrade to the latest version: | Code: | # emerge --sync
# emerge --ask --oneshot --verbose ">=dev-db/mysql-5.0.38" |
References
Original Report
CVE-2007-1420 |
|
News & Announcements
