A flaw in MySQL versions prior to 5.1.51 [1] was reported [2] that could allow an authenticated user to cause the MySQL server to enter an infinite loop by creating a query with nested JOINs when used from stored procedures and prepared statements.

[1] http://dev.mysql.com/doc/refman/5.1/en/news-5-1-51.html
[2] http://bugs.mysql.com/bug.php?id=53544

This affects MySQL 5.x, but MySQL 4.x and earlier do not have support for stored procedures. This causes CPU consumption of around 95-100%; however, connections and queries to the database can continue. Killing the query itself is ineffective, and even a 'service mysqld restart' will fail unless the mysqld process that is handling the query is forcibly killed.
To kill this thing, CTRL-C'ing out of the query (i.e. using the command-line client) does not work:

    # mysql -u root test <bug53544.sql
    field1
    NULL
    Query aborted by Ctrl+C

In the logs, you will see:

    101006 17:15:41 [Warning] /usr/libexec/mysqld: Forcing close of thread 1 user: 'root'
    A mysqld process already exists at Wed Oct 6 17:16:41 MDT 2010

The second line is from attempting a restart:

    # service mysqld restart
    Timeout error occurred trying to stop MySQL Daemon.
    Stopping MySQL: [FAILED]
    Timeout error occurred trying to start MySQL Daemon.
    Starting MySQL: [FAILED]

Which is due to:

    # ps aux|grep mysql|grep libexec
    mysql 24421 30.1 2.5 141300 19664 pts/0 Sl 16:43 11:00 /usr/libexec/mysqld --basedir=/usr --datadir=/var/lib/mysql --user=mysql --pid-file=/var/run/mysqld/mysqld.pid --skip-external-locking --socket=/var/lib/mysql/mysql.sock

and the following output from top:

    24421 mysql 18 0 137m 19m 4924 S 93.4 2.5 11:28.81 mysqld

You need to kill -9 the process in order to get the MySQL server back up to normal.
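As an added example that is not part of this bug report, a small detector for the two log lines quoted above: it pairs a "Forcing close of thread" warning with a later complaint that a mysqld process still exists, which is the signature of the stuck server described here rather than a clean restart. The sample log is constructed from the report's lines; the "ready for connections" message used to clear benign cases is assumed to be MySQL's normal startup line.

```python
import re

# Constructed sample modelled on the two error-log lines quoted in the report:
# a forced thread close during 'service mysqld stop', then the init script
# refusing to start because the old mysqld process is still alive.
SAMPLE_LOG = """\
101006 17:15:41 [Warning] /usr/libexec/mysqld: Forcing close of thread 1 user: 'root'
A mysqld process already exists at Wed Oct 6 17:16:41 MDT 2010
"""

FORCED_CLOSE = re.compile(
    r"^(?P<ts>\d{6} +\d\d:\d\d:\d\d) \[Warning\] \S+: "
    r"Forcing close of thread (?P<tid>\d+) user: '(?P<user>[^']*)'"
)
STILL_RUNNING = re.compile(r"^A mysqld process already exists at (?P<when>.+?)\s*$")
READY = re.compile(r"ready for connections")  # assumed: MySQL's normal startup line


def find_stuck_shutdowns(log_text):
    """Pair each forced thread close with a later 'process already exists'
    complaint that is not separated by a successful startup.

    Returns a list of dicts with keys thread, user, closed_at and
    restart_failed_at. A forced close followed by a normal restart is not
    reported; that is the expected behaviour of a clean stop."""
    pending = []    # forced closes not yet resolved by a restart outcome
    findings = []
    for line in log_text.splitlines():
        m = FORCED_CLOSE.match(line)
        if m:
            pending.append(m)
            continue
        if READY.search(line):
            pending.clear()     # server came back; earlier closes were benign
            continue
        m = STILL_RUNNING.match(line)
        if m and pending:
            for fc in pending:
                findings.append({"thread": int(fc["tid"]), "user": fc["user"],
                                 "closed_at": fc["ts"],
                                 "restart_failed_at": m["when"]})
            pending.clear()
    return findings


if __name__ == "__main__":
    for f in find_stuck_shutdowns(SAMPLE_LOG):
        print(f"thread {f['thread']} ({f['user']}) force-closed at {f['closed_at']}; "
              f"mysqld still alive at restart ({f['restart_failed_at']})")
```

Run it against the server's error log after a failed 'service mysqld restart'; a hit means the old mysqld process must be located (as with the ps/top output above) and killed before the service can start.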
This issue has been assigned the name CVE-2010-3839: http://article.gmane.org/gmane.comp.security.oss.general/3627
Created attachment 453628: upstream patch
This issue did NOT affect the versions of the mysql package, as shipped with Red Hat Enterprise Linux 3 and 4. This issue affects the version of the mysql package, as shipped with Red Hat Enterprise Linux 5 and 6.

This issue affects the version of the mysql package, as shipped with Fedora 12 and 13.
Created mysql tracking bugs for this issue Affects: fedora-12 [bug 645647]
Created mysql tracking bugs for this issue Affects: fedora-13 [bug 645651]
This issue has been addressed in the following products: Red Hat Enterprise Linux 5 Via RHSA-2010:0825 https://rhn.redhat.com/errata/RHSA-2010-0825.html
This issue has been addressed in the following products: Red Hat Enterprise Linux 6 Via RHSA-2011:0164 https://rhn.redhat.com/errata/RHSA-2011-0164.html