[debian-mysql] Bug#455737: CVE-2007-6304: DoS via mysql servers

Steffen Joeris steffen.joeris at skolelinux.de
Tue Dec 11 15:47:29 UTC 2007

Package: mysql-dfsg-5.0
Severity: important
Tags: security


The following CVE[0] has been issued against mysql-dfsg-5.0.


The federated engine in MySQL 5.0.x before 5.0.52, 5.1.x before 5.1.23,
and 6.0.x before 6.0.4, when performing a certain SHOW TABLE STATUS
query, does not properly handle a response with a small number of
columns, which allows remote MySQL servers to cause a denial of service
(federated handler crash and daemon crash) via a response that lacks the
minimum required number of columns.

Prepared patch can be found here[1].


[0]: http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6304

[1]: http://klecker.debian.org/~white/mysql/CVE-2007-6304.patch

More information about the pkg-mysql-maint mailing list