Bug 434264 - (CVE-2006-7232) CVE-2006-7232 mysql: daemon crash via EXPLAIN on queries on information schema
CVE-2006-7232 mysql: daemon crash via EXPLAIN on queries on information schema
Status: CLOSED ERRATA
Product: Security Response
Classification: Other
Component: vulnerability (Show other bugs)
unspecified
All Linux
low Severity low
: ---
: ---
Assigned To: Red Hat Product Security
source=osssecurity,reported=20080221,...
: Security
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2008-02-22 10:54 EST by Tomas Hoger
Modified: 2008-07-25 04:15 EDT (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2008-07-25 04:15:17 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Tomas Hoger 2008-02-22 10:54:00 EST
MySQL version 5.0.32 enterprise server (and 5.0.33 community server edition)
fixed following issue that can be used to crash mysql daemon:

  Using EXPLAIN caused a server crash for queries that selected from
  INFORMATION_SCHEMA in a subquery in the FROM clause.

Upstream bug report:
http://bugs.mysql.com/bug.php?id=22413

Upstream commit:
http://lists.mysql.com/commits/15612

Mentioned in release notes:
http://dev.mysql.com/doc/refman/5.0/en/releasenotes-es-5-0-32.html
http://dev.mysql.com/doc/refman/5.0/en/releasenotes-cs-5-0-33.html
Comment 2 Tomas Hoger 2008-02-22 11:28:57 EST
This issue does not affect MySQL packages as shipped in Red Hat Enterprise Linux
2.1, 3, and 4 as those versions do not support INFORMATION_SCHEMA, which was
introduced in MySQL version 5.

MySQL packages as shipped in Red Hat Enterprise Linux 5 are affected and this
issue may be addressed there in future updates.  Impact of this issue is low, as
attacker need SQL level access to SQL server and crash will only result in
temporary DoS, as mysql daemon is automatically restarted after the crash.

MySQL packages as shipped in Red Hat Application Stack v1 and 2 and also Fedora
7 and 8 are based on upstream versions with fix included.
Comment 3 Red Hat Product Security 2008-07-25 04:15:17 EDT
This issue was addressed in:

Red Hat Enterprise Linux:
  http://rhn.redhat.com/errata/RHSA-2008-0364.html


Note You need to log in before you can comment on or make changes to this bug.