Summaryinfo

A vulnerability was found in Oracle MySQL Server up to 5.5.25 on Linux. It has been rated as problematic. This vulnerability affects the function UPDATE of the component InnoDB. This manipulation with the input UPDATE t1 SET id2 = id2 + 1, b = null WHERE a is null and id1 = 2; causes denial of service. Furthermore, an exploit is available. Upgrading the affected component is advised.

Detailsinfo

A vulnerability classified as critical was found in Oracle MySQL Server up to 5.5.25 on Linux (Database Software). Affected by this vulnerability is the function UPDATE of the component InnoDB. The manipulation with the input value UPDATE t1 SET id2 = id2 + 1, b = null WHERE a is null and id1 = 2; leads to a denial of service vulnerability. The CWE definition for the vulnerability is CWE-404. The product does not release or incorrectly releases a resource before it is made available for re-use. As an impact it is known to affect availability.

The weakness was published 06/27/2012 by Hartmut Holzgraefe with SkySQL as Bug #65745 as not defined posting (Website). It is possible to read the advisory at bugs.mysql.com. The public release has been coordinated with Oracle. The attack can be launched remotely. The exploitation doesn't need any form of authentication. Technical details and also a public exploit are known.

A public exploit has been developed by Hartmut Holzgraefe in SQL and been published immediately after the advisory. It is possible to download the exploit at bugs.mysql.com. It is declared as proof-of-concept.

Upgrading to version 5.5.25a, 5.5.26 or 5.6.6 eliminates this vulnerability. The problem might be mitigated by replacing the product with Oracle DB or MS SQL as an alternative. The best possible mitigation is suggested to be upgrading to the latest version. Heise writes: "Although the bug has been corrected with the new version, Oracle has failed so far to explain how users can reduce the size of the potentially excessively large files. In a blog post and in the bug report comments, Peter Laursen offers some solutions. If the disk space is being used by temporary tables, one possibility is to simply stop the server, empty the Temp directory and then restart the server. If InnoDB tables are the source of the disk space consumption, the problem is somewhat harder to resolve. Laursen suggests that running OPTIMIZE TABLE for each affected table should fix this, provided that the 'innodb_file_per_table' option is set and there is enough free disk space to execute the OPTIMIZE TABLE. If that is not the case, Laursen says that the only option is to dump all databases and restore them to a fresh server/InnoDB instance."

Additional details are provided at webyog.com. Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

Productinfo

Type

• Database Software

Vendor

• Oracle

Name

• MySQL Server

Version

• 5.5.0
• 5.5.1
• 5.5.2
• 5.5.3
• 5.5.4
• 5.5.5
• 5.5.6
• 5.5.7
• 5.5.8
• 5.5.9
• 5.5.10
• 5.5.11
• 5.5.12
• 5.5.13
• 5.5.14
• 5.5.15
• 5.5.16
• 5.5.17
• 5.5.18
• 5.5.19
• 5.5.20
• 5.5.21
• 5.5.22
• 5.5.23
• 5.5.24
• 5.5.25

License

• open-source

Website

• Vendor: https://www.oracle.com

CPE 2.3info

• 🔍
• 🔍
• 🔍

CPE 2.2info

• 🔍
• 🔍
• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Discussion