Hide Forgot
It was found that MySQL server did not properly handle processing of SQL REPAIR TABLE table USE_FRM statements used on a MERGE table. A remote attacker, valid SQL user could use this flaw to cause denial of service (mysqld daemon crash). References: [1] http://dev.mysql.com/doc/refman/5.1/en/news-5-1-52.html [2] http://bugs.mysql.com/bug.php?id=46339 Note: On Red Hat Enterprise Linux systems exploitation of this issue would lead only to temporary denial of service, since mysqld daemon gets automatically restarted upon encountering a crash.
Public PoC from [2]: ==================== drop table if exists m1,t1; create table t1(a int)engine=myisam; create table m1(a int)engine=merge union=(t1) insert_method=last; lock table m1 read; repair table m1 use_frm;
This issue did NOT affect the versions of the mysql package, as shipped with Red Hat Enterprise Linux 4, 5, or 6. -- This issue did NOT affect the versions of the mysql package, as shipped with Fedora release of 14 and 15.