Red Hat Bugzilla – Bug 434264
CVE-2006-7232 mysql: daemon crash via EXPLAIN on queries on information schema
Last modified: 2008-07-25 04:15:17 EDT
MySQL version 5.0.32 enterprise server (and 5.0.33 community server edition)
fixed following issue that can be used to crash mysql daemon:
Using EXPLAIN caused a server crash for queries that selected from
INFORMATION_SCHEMA in a subquery in the FROM clause.
Upstream bug report:
Mentioned in release notes:
This issue does not affect MySQL packages as shipped in Red Hat Enterprise Linux
2.1, 3, and 4 as those versions do not support INFORMATION_SCHEMA, which was
introduced in MySQL version 5.
MySQL packages as shipped in Red Hat Enterprise Linux 5 are affected and this
issue may be addressed there in future updates. Impact of this issue is low, as
attacker need SQL level access to SQL server and crash will only result in
temporary DoS, as mysql daemon is automatically restarted after the crash.
MySQL packages as shipped in Red Hat Application Stack v1 and 2 and also Fedora
7 and 8 are based on upstream versions with fix included.
This issue was addressed in:
Red Hat Enterprise Linux: