Vigil@nce: MySQL, denial of service via bit-string
September 2008 by Vigil@nce
A local attacker can use an invalid bit-string query in order to
stop MySQL.
– Gravity: 1/4
– Consequences: denial of service of service
– Provenance: user account
– Means of attack: 1 attack
– Ability of attacker: technician (2/4)
– Confidence: confirmed by the editor (5/5)
– Diffusion of the vulnerable configuration: high (3/3)
– Creation date: 10/09/2008
– Identifier: VIGILANCE-VUL-8103
IMPACTED PRODUCTS
– MySQL Community Server [confidential versions]
– MySQL Enterprise Server [confidential versions]
DESCRIPTION
A SQL query can contain a bit-string (number represented as a
string of bits):
SELECT * FROM table WHERE v=b’10101’;
Hexadecimal values can also be represented as strings:
SELECT * FROM table WHERE v=x’1234567890abcdef’;
SELECT * FROM table WHERE v=X’1234567890ABCDEF’;
However, if the indicated string is empty (b’’), a logic error
occurs and stops MySQL.
An attacker allowed to send queries can therefore create a denial
of service.
CHARACTERISTICS
– Identifiers: 35658, BID-31081, CVE-2008-3963, VIGILANCE-VUL-8103
– Url: https://vigilance.aql.fr/tree/1/8103