MySQL and MariaDB Geometry query Denial of Service Vulnerability

MySQL and MariaDB Geometry query Denial of Service Vulnerability

Release date:
Updated on: 2013-03-18

Affected Systems:
MySQL AB MySQL
Description:
--------------------------------------------------------------------------------
Bugtraq id: 58511
CVE (CAN) ID: CVE-2013-1861
 
Oracle MySQL Server is a small relational database management system. MariaDB is a MySQL branch version using the Maria storage engine and is a free open-source database server.
 
When MySQL and MariaDB convert the binary string expression of the Original geometry object to a text expression, MySQL's spatial function length check will overflow, resulting in application crash.
 
<* Source: Alyssa Milburn

Link: https://bugzilla.RedHat.com/show_bug.cgi? Id = 919247
Http://seclists.org/oss-sec/2013/q1/671
*>

Test method:
--------------------------------------------------------------------------------

Alert

The following procedures (methods) may be offensive and are intended only for security research and teaching. Users are at your own risk!
& Quot; select astext (0x0100000000030000000100000000000010); & quot;

Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
 
MySQL AB
--------
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:
 
Http://www.mysql.com/