Bug 434264 (CVE-2006-7232)
Summary: | CVE-2006-7232 mysql: daemon crash via EXPLAIN on queries on information schema | | |
---|---|---|---|
Product: | [Other] Security Response | Reporter: | Tomas Hoger <thoger> |
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
Status: | CLOSED ERRATA | QA Contact: | |
Severity: | low | Docs Contact: | |
Priority: | low | | |
Version: | unspecified | CC: | tgl |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | | |
Hardware: | All | | |
OS: | Linux | | |
Whiteboard: | | | |
Fixed In Version: | | Doc Type: | Bug Fix |
Doc Text: | | Story Points: | --- |
Clone Of: | | Environment: | |
Last Closed: | 2008-07-25 08:15:17 UTC | Type: | --- |
Description
Tomas Hoger
2008-02-22 15:54:00 UTC
This issue does not affect MySQL packages as shipped in Red Hat Enterprise Linux 2.1, 3, and 4, as those versions do not support INFORMATION_SCHEMA, which was introduced in MySQL version 5.

MySQL packages as shipped in Red Hat Enterprise Linux 5 are affected and this issue may be addressed there in future updates. The impact of this issue is low, as an attacker needs SQL-level access to the SQL server and a crash will only result in a temporary DoS, as the mysql daemon is automatically restarted after the crash.

MySQL packages as shipped in Red Hat Application Stack v1 and 2 and also Fedora 7 and 8 are based on upstream versions with the fix included.

This issue was addressed in:

Red Hat Enterprise Linux: http://rhn.redhat.com/errata/RHSA-2008-0364.html