Vigil@nce - MySQL: denial of service via Geometry
March 2013 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An authenticated attacker can use a geometry query, in order to
stop MySQL.
Impacted products: MySQL Community, MySQL Enterprise
Severity: 1/4
Creation date: 15/03/2013
DESCRIPTION OF THE VULNERABILITY
The MySQL base can store geometric data. For example:
SET @g = ’LineString(1 1,2 2,3 3)’;
SELECT AsText(GeomFromText(@g));
The GeomFromText() function converts a text representation of the
geometric shape ("LineString(1 1,2 2,3 3)"), to a binary
representation. The AsText() function performs the reverse
operation. For example:
SELECT AsText(0x01000...);
However, if the number of points indicated in the binary
representation is greater than 127, the AsText() function
truncates data, which leads to several fatal errors.
An authenticated attacker can therefore use a geometry query, in
order to stop MySQL.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/MySQL-denial-of-service-via-Geometry-12529