CVE-2007-6304

medium
New! CVE Severity Now Using CVSS v3

The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Description

The federated engine in MySQL 5.0.x before 5.0.51a, 5.1.x before 5.1.23, and 6.0.x before 6.0.4, when performing a certain SHOW TABLE STATUS query, allows remote MySQL servers to cause a denial of service (federated handler crash and daemon crash) via a response that lacks the minimum required number of columns.

References

http://bugs.mysql.com/bug.php?id=29801

http://dev.mysql.com/doc/refman/5.0/en/releasenotes-es-5-0-52.html

http://dev.mysql.com/doc/refman/5.1/en/news-5-1-23.html

http://dev.mysql.com/doc/refman/6.0/en/news-6-0-4.html

http://lists.mysql.com/announce/502

http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00003.html

http://osvdb.org/42609

http://secunia.com/advisories/28063

http://secunia.com/advisories/28128

http://secunia.com/advisories/28343

http://secunia.com/advisories/28637

http://secunia.com/advisories/28739

http://secunia.com/advisories/28838

http://secunia.com/advisories/29706

http://security.gentoo.org/glsa/glsa-200804-04.xml

http://securitytracker.com/id?1019085

http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0040

http://www.debian.org/security/2008/dsa-1451

http://www.mandriva.com/security/advisories?name=MDVSA-2008:017

http://www.mandriva.com/security/advisories?name=MDVSA-2008:028

http://www.securityfocus.com/archive/1/487606/100/0/threaded

http://www.securityfocus.com/bid/26832

http://www.vupen.com/english/advisories/2007/4198

https://exchange.xforce.ibmcloud.com/vulnerabilities/38990

https://issues.rpath.com/browse/RPL-2187

https://usn.ubuntu.com/559-1/

Details

Source: MITRE

Published: 2007-12-10

Updated: 2019-12-17

Risk Information

CVSS v2

Base Score: 5

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Impact Score: 2.9

Exploitability Score: 10

Severity: MEDIUM

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:mysql:mysql:5.0.0:*:*:*:*:*:*:*

cpe:2.3:a:mysql:mysql:5.0.1:*:*:*:*:*:*:*

cpe:2.3:a:mysql:mysql:5.0.2:*:*:*:*:*:*:*

cpe:2.3:a:mysql:mysql:5.0.3:*:*:*:*:*:*:*

cpe:2.3:a:mysql:mysql:5.0.4:*:*:*:*:*:*:*

cpe:2.3:a:mysql:mysql:5.0.5:*:*:*:*:*:*:*

cpe:2.3:a:mysql:mysql:5.0.5.0.21:*:*:*:*:*:*:*

cpe:2.3:a:mysql:mysql:5.0.10:*:*:*:*:*:*:*

cpe:2.3:a:mysql:mysql:5.0.15:*:*:*:*:*:*:*

cpe:2.3:a:mysql:mysql:5.0.16:*:*:*:*:*:*:*

cpe:2.3:a:mysql:mysql:5.0.17:*:*:*:*:*:*:*

cpe:2.3:a:mysql:mysql:5.0.20:*:*:*:*:*:*:*

cpe:2.3:a:mysql:mysql:5.0.22.1.0.1:*:*:*:*:*:*:*

cpe:2.3:a:mysql:mysql:5.0.24:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.0.0:alpha:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.0.3:beta:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.0.6:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.0.7:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.0.8:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.0.9:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.0.11:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.0.12:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.0.13:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.0.14:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.0.18:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.0.19:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.0.21:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.0.22:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.0.27:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.0.33:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.0.37:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.0.41:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.1.1:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.1.2:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.1.10:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.1.11:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.1.12:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.1.13:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.1.14:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.1.15:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.1.16:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.1.17:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:6.0.0:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:6.0.1:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:6.0.2:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:6.0.3:*:*:*:*:*:*:*

Tenable Plugins

View all (14 total)

IDNameProductFamilySeverity
17813MySQL < 5.0.51a / 5.1.23 / 6.0.4 Multiple VulnerabilitiesNessusDatabases
medium
41184SuSE9 Security Update : MySQL (YOU Patch Number 12044)NessusSuSE Local Security Checks
high
36404Mandriva Linux Security Advisory : mysql (MDVSA-2008:017)NessusMandriva Local Security Checks
medium
36399Mandriva Linux Security Advisory : mysql (MDVSA-2008:028)NessusMandriva Local Security Checks
medium
31835GLSA-200804-04 : MySQL: Multiple vulnerabilitiesNessusGentoo Local Security Checks
high
30182SuSE 10 Security Update : MySQL (ZYPP Patch Number 4879)NessusSuSE Local Security Checks
high
29860Debian DSA-1451-1 : mysql-dfsg-5.0 - several vulnerabilitiesNessusDebian Local Security Checks
high
29793Ubuntu 6.06 LTS / 6.10 / 7.04 / 7.10 : mysql-dfsg-5.0 vulnerabilities (USN-559-1)NessusUbuntu Local Security Checks
high
4313MySQL Community Server < 5.1.23 / 6.0.4 Multiple VulnerabilitiesNessus Network MonitorDatabase
medium
4312Oracle MySQL Enterprise Server < 5.0.52 Multiple VulnerabilitiesNessus Network MonitorDatabase
medium
29346MySQL Enterprise Server 5.0 < 5.0.52 Multiple VulnerabilitiesNessusDatabases
medium
29345MySQL Community Server < 5.1.23 / 6.0.4 Multiple VulnerabilitiesNessusDatabases
medium
801147MySQL Community Server < 5.1.23 / 6.0.4 Multiple VulnerabilitiesLog Correlation EngineDatabase
medium
801138MySQL Enterprise Server < 5.0.52 Multiple VulnerabilitiesLog Correlation EngineDatabase
medium