Red Hat Bugzilla – Bug 420241
CVE-2007-6304 mysql: crash in federated engine caused by remote MySQL server
Last modified: 2007-12-12 04:17:58 EST
Common Vulnerabilities and Exposures assigned an identifier CVE-2007-6304 to the following vulnerability:
The federated engine in MySQL 5.0.x before 5.0.52, 5.1.x before 5.1.23, and 6.0.x before 6.0.4, when performing a certain SHOW TABLE STATUS query, does not properly handle a response with a small number of columns, which allows remote MySQL servers to cause a denial of service (federated handler crash and daemon crash) via a response that lacks the minimum required number of columns.
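The kind of check the CVE description says was missing, as an added example that is not code from MySQL or from this bug report: a parser that rejects a row from a remote server when it has fewer columns than the parser is about to index. The struct and function names, the column positions and the minimum of 14 columns are assumptions made for illustration, and the sample rows are constructed.

```c
#include <stdio.h>
#include <stdlib.h>

/* Constructed model of one result row received from a remote server. */
struct remote_row {
    unsigned int num_fields;  /* columns actually present in the response */
    const char **fields;      /* num_fields entries; NULL entry = SQL NULL */
};

/* Assumed positions for illustration, not taken from the MySQL source. */
enum { COL_ROWS = 4, COL_UPDATE_TIME = 12, MIN_STATUS_COLS = 14 };
struct table_stats { unsigned long long rows; const char *update_time; };

/* Returns 0 on success, -1 when the remote response is malformed. */
int parse_table_status(const struct remote_row *row, struct table_stats *out)
{
    char *end;
    if (!row || !out || !row->fields)
        return -1;
    /* Reject a short row before any column is indexed. */
    if (row->num_fields < MIN_STATUS_COLS)
        return -1;
    out->rows = 0;
    if (row->fields[COL_ROWS]) {           /* SQL NULL is treated as 0 rows */
        out->rows = strtoull(row->fields[COL_ROWS], &end, 10);
        if (end == row->fields[COL_ROWS] || *end != '\0')
            return -1;                     /* non-numeric value from the peer */
    }
    out->update_time = row->fields[COL_UPDATE_TIME];
    return 0;
}

/* Returns the parsed row count, or -1 when the row is rejected. */
long long sample_rows(const char **fields, unsigned int n)
{
    struct remote_row r = { n, fields };
    struct table_stats s;
    return parse_table_status(&r, &s) == 0 ? (long long)s.rows : -1;
}

/* Constructed inputs: a complete 14-column row and a 3-column row. */
static const char *full[14] = { "t1", "MyISAM", "10", "Fixed", "42", "0", "0",
    "0", "0", "0", NULL, "2007-12-01", "2007-12-10", NULL };
static const char *tiny[3] = { "t1", "MyISAM", "10" };

int main(void)
{
    printf("full=%lld short=%lld\n", sample_rows(full, 14), sample_rows(tiny, 3));
    return 0;
}
```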
This one is a non-issue for us, because we don't enable the federated storage engine.
Red Hat Enterprise Linux and Fedora mysql packages are not affected by this issue.
MySQL versions as shipped in Red Hat Enterprise Linux 2.1, 3, and 4 do not
support the federated storage engine at all. MySQL packages as shipped in Red Hat
Enterprise Linux 5 and Fedora are not compiled with support for federated