National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

CVE-2007-6304 Detail

Current Description

The federated engine in MySQL 5.0.x before 5.0.51a, 5.1.x before 5.1.23, and 6.0.x before 6.0.4, when performing a certain SHOW TABLE STATUS query, allows remote MySQL servers to cause a denial of service (federated handler crash and daemon crash) via a response that lacks the minimum required number of columns.

Source:  MITRE      Last Modified:  12/10/2007      View Analysis Description

Quick Info

CVE Dictionary Entry:
CVE-2007-6304
Original release date:
12/10/2007
Last revised:
08/07/2017
Source:
US-CERT/NIST

Impact

CVSS Severity (version 2.0):
CVSS v2 Base Score:
5.0 MEDIUM
Vector:
(AV:N/AC:L/Au:N/C:N/I:N/A:P) (legend)
Impact Subscore:
2.9
Exploitability Subscore:
10.0
CVSS Version 2 Metrics:
Access Vector:
Network exploitable
Access Complexity:
Low
Authentication:
Not required to exploit
Impact Type:
Allows disruption of service

Vendor Statements (disclaimer)

Official Statement from Red Hat (12/14/2007)

Not vulnerable. The MySQL versions as shipped in Red Hat Enterprise Linux 2.1, 3, and 4 do not support federated storage engine. The MySQL package as shipped in Red Hat Enterprise Linux 5, Red Hat Application Stack v1, and Red Hat Application Stack v2 are not compiled with support for federated storage engine.

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to nvd@nist.gov.

Hyperlink Resource Type Source Name
http://bugs.mysql.com/bug.php?id=29801 Exploit External Source CONFIRM http://bugs.mysql.com/bug.php?id=29801
http://dev.mysql.com/doc/refman/5.0/en/releasenotes-es-5-0-52.html External Source CONFIRM http://dev.mysql.com/doc/refman/5.0/en/releasenotes-es-5-0-52.html
http://dev.mysql.com/doc/refman/5.1/en/news-5-1-23.html External Source CONFIRM http://dev.mysql.com/doc/refman/5.1/en/news-5-1-23.html
http://dev.mysql.com/doc/refman/6.0/en/news-6-0-4.html External Source CONFIRM http://dev.mysql.com/doc/refman/6.0/en/news-6-0-4.html
http://lists.mysql.com/announce/502 External Source CONFIRM http://lists.mysql.com/announce/502
http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00003.html External Source SUSE SUSE-SR:2008:003
http://security.gentoo.org/glsa/glsa-200804-04.xml External Source GENTOO GLSA-200804-04
http://securitytracker.com/id?1019085 External Source SECTRACK 1019085
http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0040 External Source CONFIRM http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0040
http://www.debian.org/security/2008/dsa-1451 External Source DEBIAN DSA-1451
http://www.mandriva.com/security/advisories?name=MDVSA-2008:017 External Source MANDRIVA MDVSA-2008:017
http://www.mandriva.com/security/advisories?name=MDVSA-2008:028 External Source MANDRIVA MDVSA-2008:028
http://www.securityfocus.com/archive/1/archive/1/487606/100/0/threaded External Source BUGTRAQ 20080205 rPSA-2008-0040-1 mysql mysql-bench mysql-server
http://www.securityfocus.com/bid/26832 External Source BID 26832
http://www.ubuntulinux.org/support/documentation/usn/usn-559-1 External Source UBUNTU USN-559-1
http://www.vupen.com/english/advisories/2007/4198 Vendor Advisory External Source VUPEN ADV-2007-4198
https://exchange.xforce.ibmcloud.com/vulnerabilities/38990 External Source XF mysql-federated-engine-dos(38990)
https://issues.rpath.com/browse/RPL-2187 External Source CONFIRM https://issues.rpath.com/browse/RPL-2187

Technical Details

Vulnerability Type (View All)

Vulnerable software and versions Switch to CPE 2.2

Configuration 1
OR
cpe:2.3:a:mysql:mysql:5.0:*:*:*:*:*:*:*
cpe:2.3:a:mysql:mysql:5.0.0:*:*:*:*:*:*:*
cpe:2.3:a:mysql:mysql:5.0.0:alpha:*:*:*:*:*:*
cpe:2.3:a:mysql:mysql:5.0.0.0:*:*:*:*:*:*:*
cpe:2.3:a:mysql:mysql:5.0.1:*:*:*:*:*:*:*
cpe:2.3:a:mysql:mysql:5.0.1a:*:*:*:*:*:*:*
cpe:2.3:a:mysql:mysql:5.0.2:*:*:*:*:*:*:*
cpe:2.3:a:mysql:mysql:5.0.3:*:*:*:*:*:*:*
cpe:2.3:a:mysql:mysql:5.0.3:beta:*:*:*:*:*:*
cpe:2.3:a:mysql:mysql:5.0.3a:*:*:*:*:*:*:*
cpe:2.3:a:mysql:mysql:5.0.4:*:*:*:*:*:*:*
cpe:2.3:a:mysql:mysql:5.0.4a:*:*:*:*:*:*:*
cpe:2.3:a:mysql:mysql:5.0.5:*:*:*:*:*:*:*
cpe:2.3:a:mysql:mysql:5.0.5.0.21:*:*:*:*:*:*:*
cpe:2.3:a:mysql:mysql:5.0.6:*:*:*:*:*:*:*
cpe:2.3:a:mysql:mysql:5.0.7:*:*:*:*:*:*:*
cpe:2.3:a:mysql:mysql:5.0.8:*:*:*:*:*:*:*
cpe:2.3:a:mysql:mysql:5.0.9:*:*:*:*:*:*:*
cpe:2.3:a:mysql:mysql:5.0.10:*:*:*:*:*:*:*
cpe:2.3:a:mysql:mysql:5.0.10a:*:*:*:*:*:*:*
cpe:2.3:a:mysql:mysql:5.0.11:*:*:*:*:*:*:*
cpe:2.3:a:mysql:mysql:5.0.12:*:*:*:*:*:*:*
cpe:2.3:a:mysql:mysql:5.0.13:*:*:*:*:*:*:*
cpe:2.3:a:mysql:mysql:5.0.14:*:*:*:*:*:*:*
cpe:2.3:a:mysql:mysql:5.0.15:*:*:*:*:*:*:*
cpe:2.3:a:mysql:mysql:5.0.15a:*:*:*:*:*:*:*
cpe:2.3:a:mysql:mysql:5.0.16:*:*:*:*:*:*:*
cpe:2.3:a:mysql:mysql:5.0.16a:*:*:*:*:*:*:*
cpe:2.3:a:mysql:mysql:5.0.17:*:*:*:*:*:*:*
cpe:2.3:a:mysql:mysql:5.0.17a:*:*:*:*:*:*:*
cpe:2.3:a:mysql:mysql:5.0.18:*:*:*:*:*:*:*
cpe:2.3:a:mysql:mysql:5.0.19:*:*:*:*:*:*:*
cpe:2.3:a:mysql:mysql:5.0.20:*:*:*:*:*:*:*
cpe:2.3:a:mysql:mysql:5.0.20a:*:*:*:*:*:*:*
cpe:2.3:a:mysql:mysql:5.0.21:*:*:*:*:*:*:*
cpe:2.3:a:mysql:mysql:5.0.22:*:*:*:*:*:*:*
cpe:2.3:a:mysql:mysql:5.0.22.1.0.1:*:*:*:*:*:*:*
cpe:2.3:a:mysql:mysql:5.0.24:*:*:*:*:*:*:*
cpe:2.3:a:mysql:mysql:5.0.27:*:*:*:*:*:*:*
cpe:2.3:a:mysql:mysql:5.0.33:*:*:*:*:*:*:*
cpe:2.3:a:mysql:mysql:5.0.37:*:*:*:*:*:*:*
cpe:2.3:a:mysql:mysql:5.0.41:*:*:*:*:*:*:*
cpe:2.3:a:mysql:mysql:5.1.1:*:*:*:*:*:*:*
cpe:2.3:a:mysql:mysql:5.1.2:*:*:*:*:*:*:*
cpe:2.3:a:mysql:mysql:5.1.10:*:*:*:*:*:*:*
cpe:2.3:a:mysql:mysql:5.1.11:*:*:*:*:*:*:*
cpe:2.3:a:mysql:mysql:5.1.12:*:*:*:*:*:*:*
cpe:2.3:a:mysql:mysql:5.1.13:*:*:*:*:*:*:*
cpe:2.3:a:mysql:mysql:5.1.14:*:*:*:*:*:*:*
cpe:2.3:a:mysql:mysql:5.1.15:*:*:*:*:*:*:*
cpe:2.3:a:mysql:mysql:5.1.16:*:*:*:*:*:*:*
cpe:2.3:a:mysql:mysql:5.1.17:*:*:*:*:*:*:*
cpe:2.3:a:mysql:mysql:6.0.0:*:*:*:*:*:*:*
cpe:2.3:a:mysql:mysql:6.0.1:*:*:*:*:*:*:*
cpe:2.3:a:mysql:mysql:6.0.2:*:*:*:*:*:*:*
cpe:2.3:a:mysql:mysql:6.0.3:*:*:*:*:*:*:*

Denotes Vulnerable Software
Are we missing a CPE here? Please let us know.

Change History 2 change records found - show changes