Joined: 12 May 2004
|Posted: Tue May 08, 2007 5:26 pm Post subject: [ GLSA 200705-11 ] MySQL: Two Denial of Service vulnerabilit
|Gentoo Linux Security Advisory
Title: MySQL: Two Denial of Service vulnerabilities (GLSA 200705-11)
Date: May 08, 2007
Bug(s): #170126, #171934
Two Denial of Service vulnerabilities have been discovered in MySQL.
MySQL is a popular multi-threaded, multi-user SQL server.
Vulnerable: < 5.0.38
Unaffected: >= 5.0.38
Unaffected: < 5.0
Architectures: All supported architectures
mu-b discovered a NULL pointer dereference in item_cmpfunc.cc when processing certain types of SQL requests. Sec Consult also discovered another NULL pointer dereference when sorting certain types of queries on the database metadata.
In both cases, a remote attacker could send a specially crafted SQL request to the server, possibly resulting in a server crash. Note that the attacker needs the ability to execute SELECT queries.
There is no known workaround at this time.
All MySQL users should upgrade to the latest version:
|# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-db/mysql-5.0.38"