Bug 201904 - (CVE-2006-3469) CVE-2006-3469 mysql server DoS
CVE-2006-3469 mysql server DoS
Status: CLOSED ERRATA
Product: Security Response
Classification: Other
Component: vulnerability (Show other bugs)
unspecified
All Linux
medium Severity low
: ---
: ---
Assigned To: Tom Lane
David Lawrence
impact=low,source=cve,reported=200607...
: Security
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2006-08-09 14:26 EDT by Josh Bressers
Modified: 2013-07-02 23:10 EDT (History)
3 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2008-07-25 03:51:01 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Josh Bressers 2006-08-09 14:26:17 EDT
mysql server DoS

A bug was found in the mysql server which can allow an authenticated
remote users cause a temporary DoS on the server.  All clients
connected to the server will be disconnected, they will have to
reconnect to the sql server.

Affects 4.1 before 4.1.21 and 5.0 (doesn't affect 3.x)

The upstream bug is here:
http://bugs.mysql.com/bug.php?id=20729
Comment 1 Tom Lane 2006-08-09 16:35:05 EDT
Per discussion, the odds of real applications being vulnerable to this seem pretty low, so we're not going 
to turn the RHEL4 mysql package just for this --- putting it in the queue for next update.
Comment 2 Daniel Bartlett 2007-06-20 06:57:03 EDT
This is more of a concern in a shared hosting environment. Any user who has a
mysql account can cause the mysqld process to crash. I bump this bug for more
attention.

Regards,
Daniel.
Comment 7 Mark J. Cox (Product Security) 2007-08-21 07:05:13 EDT
moving to security response parent bug, should this deferred issue get picked up
for a future update we'll create tracking bugs with appropriate flags set at
that time.
Comment 12 Tomas Hoger 2008-05-02 07:53:57 EDT
Reproducers from the upstream bug:

select date_format('%d%s', 1);
select date_format('%Y-%m-%d %H:%i:%s', 1151414896);

Upstream commit:

http://lists.mysql.com/commits/9048
Comment 15 Red Hat Product Security 2008-07-25 03:51:01 EDT
This issue was addressed in:

Red Hat Enterprise Linux:
  http://rhn.redhat.com/errata/RHSA-2008-0768.html


Note You need to log in before you can comment on or make changes to this bug.