// For flags

CVE-2007-5925

MySQL 5.1.23 - Server InnoDB CONVERT_SEARCH_MODE_TO_INNOBASE Function Denial of Service

Severity Score

6.5
*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

1
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

The convert_search_mode_to_innobase function in ha_innodb.cc in the InnoDB engine in MySQL 5.1.23-BK and earlier allows remote authenticated users to cause a denial of service (database crash) via a certain CONTAINS operation on an indexed column, which triggers an assertion error.

La función convert_search_mode_to_innobase del ha_innodb.cc en el motor InnoDB del 5.1.23-BK y versiones anteriores permite a usuarios remotos autenticados provocar una denegación de servicio (caída de la base de datos) a través de ciertas operaciones CONTAINS sobre un índice de una columna, lo que dispara una afirmación de error.

Joe Gallo and Artem Russakovskii discovered that the InnoDB engine in MySQL did not properly perform input validation. An authenticated user could use a crafted CONTAINS statement to cause a denial of service. It was discovered that under certain conditions MySQL could be made to overwrite system table information. An authenticated user could use a crafted RENAME statement to escalate privileges. Philip Stoev discovered that the the federated engine of MySQL did not properly handle responses with a small number of columns. An authenticated user could use a crafted response to a SHOW TABLE STATUS query and cause a denial of service. It was discovered that MySQL did not properly enforce access controls. An authenticated user could use a crafted CREATE TABLE LIKE statement to escalate privileges.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High
Attack Vector
Network
Attack Complexity
Low
Authentication
Single
Confidentiality
None
Integrity
None
Availability
Partial
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2007-11-05 First Exploit
  • 2007-11-09 CVE Reserved
  • 2007-11-10 CVE Published
  • 2024-08-07 CVE Updated
  • 2025-05-15 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
  • CWE-20: Improper Input Validation
CAPEC
References (31)
URL Tag Source
http://bugs.gentoo.org/show_bug.cgi?id=198988 X_refsource_confirm
http://bugs.mysql.com/bug.php?id=32125 X_refsource_confirm
http://lists.grok.org.uk/pipermail/full-disclosure/2007-November/067350.html Mailing List
http://secunia.com/advisories/27568 Third Party Advisory
http://secunia.com/advisories/27649 Third Party Advisory
http://secunia.com/advisories/27823 Third Party Advisory
http://secunia.com/advisories/28025 Third Party Advisory
http://secunia.com/advisories/28040 Third Party Advisory
http://secunia.com/advisories/28099 Third Party Advisory
http://secunia.com/advisories/28108 Third Party Advisory
http://secunia.com/advisories/28128 Third Party Advisory
http://secunia.com/advisories/28838 Third Party Advisory
http://www.securityfocus.com/bid/26353 Vdb Entry
http://www.securitytracker.com/id?1018978 Vdb Entry
http://www.vupen.com/english/advisories/2007/3903 Vdb Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/38284 Vdb Entry
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11390 Signature
URL Date SRC
https://www.exploit-db.com/exploits/30744 2007-11-05
URL Date SRC
URL Date SRC
http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00003.html 2018-10-03
http://security.gentoo.org/glsa/glsa-200711-25.xml 2018-10-03
http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.428959 2018-10-03
http://www.debian.org/security/2007/dsa-1413 2018-10-03
http://www.mandriva.com/security/advisories?name=MDKSA-2007:243 2018-10-03
http://www.redhat.com/support/errata/RHSA-2007-1155.html 2018-10-03
http://www.redhat.com/support/errata/RHSA-2007-1157.html 2018-10-03
http://www.ubuntu.com/usn/USN-1397-1 2018-10-03
https://usn.ubuntu.com/559-1 2018-10-03
https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00467.html 2018-10-03
https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00475.html 2018-10-03
https://access.redhat.com/security/cve/CVE-2007-5925 2007-12-19
https://bugzilla.redhat.com/show_bug.cgi?id=377451 2007-12-19
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Mysql
Search vendor "Mysql"
 Mysql
Search vendor "Mysql" for product "Mysql"
 <= 5.1.23_bk
Search vendor "Mysql" for product "Mysql" and version " <= 5.1.23_bk"
-
Affected