An assertion failure was found in the way the MySQL server processed certain SQL queries containing a SHOW CREATE TABLE statement and referencing an InnoDB storage engine table with an auto-increment column, when such queries were run upon server restart. A remote attacker, a valid SQL user, could use this flaw to cause a denial of service (mysqld daemon abort due to an assertion failure).

References:
[1] http://dev.mysql.com/doc/refman/5.1/en/news-5-1-52.html
[2] http://bugs.mysql.com/bug.php?id=55277
[3] http://lists.mysql.com/commits/119960?f=plain

Note: On Red Hat Enterprise Linux systems the mysqld daemon is not compiled with built-in assertion checks support, and thus would not be affected by this issue.
Public PoC from [2]:
====================

How to repeat:
drop table if exists t1;
create table t1(a bigint unsigned not null auto_increment primary key)engine=innodb;
insert into t1 values (null);
insert into t1 values (18446744073709551615);
#restart server
show create table t1;
This issue does NOT affect the versions of the mysql package, as shipped with Red Hat Enterprise Linux 4, 5, and 6.

This issue does NOT affect the version of the mysql package, as shipped with Fedora release of 14 and 15.
(In reply to comment #0)
> [3] http://lists.mysql.com/commits/119960?f=plain

Not very good as a commit link, this should be better:
http://bazaar.launchpad.net/~mysql/mysql-server/mysql-5.1/revision/3477
(In reply to comment #10)
> (In reply to comment #0)
> > [3] http://lists.mysql.com/commits/119960?f=plain
>

Wasn't intended to be a link to patch (rather reference to test case, since upstream report 1) either doesn't have one 2) isn't accessible at all). But you are right, the one below looks better.

> Not very good as a commit link, this should be better:
> http://bazaar.launchpad.net/~mysql/mysql-server/mysql-5.1/revision/3477