MySQL and MariaDB Geometry query Denial of Service Vulnerability
Release date:
Updated on: 2013-03-18
Affected Systems:
MySQL AB MySQL
Description:
--------------------------------------------------------------------------------
Bugtraq id: 58511
CVE (CAN) ID: CVE-2013-1861
Oracle MySQL Server is a small relational database management system. MariaDB is a MySQL branch version using the Maria storage engine and is a free open-source database server.
When MySQL and MariaDB convert the binary string expression of the Original geometry object to a text expression, MySQL's spatial function length check will overflow, resulting in application crash.
<* Source: Alyssa Milburn
Link: https://bugzilla.RedHat.com/show_bug.cgi? Id = 919247
Http://seclists.org/oss-sec/2013/q1/671
*>
Test method:
--------------------------------------------------------------------------------
Alert
The following procedures (methods) may be offensive and are intended only for security research and teaching. Users are at your own risk!
& Quot; select astext (0x0100000000030000000100000000000010); & quot;
Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
MySQL AB
--------
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:
Http://www.mysql.com/