CVE-2006-7232

sql_select.cc in MySQL 5.0.x before 5.0.32 and 5.1.x before 5.1.14 allows remote authenticated users to cause a denial of service (crash) via an EXPLAIN SELECT FROM on the INFORMATION_SCHEMA table, as originally demonstrated using ORDER BY.
References
Link Resource
http://bugs.mysql.com/bug.php?id=22413 Patch Vendor Advisory
http://dev.mysql.com/doc/refman/5.0/en/releasenotes-es-5-0-32.html Vendor Advisory
http://dev.mysql.com/doc/refman/5.1/en/news-5-1-14.html Vendor Advisory
http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html Third Party Advisory
http://secunia.com/advisories/29443 Third Party Advisory
http://secunia.com/advisories/30351 Third Party Advisory
http://secunia.com/advisories/31687 Third Party Advisory
http://www.redhat.com/support/errata/RHSA-2008-0364.html Third Party Advisory
http://www.securityfocus.com/bid/28351 Third Party Advisory VDB Entry
http://www.ubuntu.com/usn/usn-588-1 Third Party Advisory
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11720 Third Party Advisory
http://bugs.mysql.com/bug.php?id=22413 Patch Vendor Advisory
http://dev.mysql.com/doc/refman/5.0/en/releasenotes-es-5-0-32.html Vendor Advisory
http://dev.mysql.com/doc/refman/5.1/en/news-5-1-14.html Vendor Advisory
http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html Third Party Advisory
http://secunia.com/advisories/29443 Third Party Advisory
http://secunia.com/advisories/30351 Third Party Advisory
http://secunia.com/advisories/31687 Third Party Advisory
http://www.redhat.com/support/errata/RHSA-2008-0364.html Third Party Advisory
http://www.securityfocus.com/bid/28351 Third Party Advisory VDB Entry
http://www.ubuntu.com/usn/usn-588-1 Third Party Advisory
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11720 Third Party Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:mysql:mysql:*:*:*:*:*:*:*:*
cpe:2.3:a:mysql:mysql:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:6.10:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:7.04:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:7.10:*:*:*:*:*:*:*

History

21 Nov 2024, 00:24

Type Values Removed Values Added
References () http://bugs.mysql.com/bug.php?id=22413 - Patch, Vendor Advisory () http://bugs.mysql.com/bug.php?id=22413 - Patch, Vendor Advisory
References () http://dev.mysql.com/doc/refman/5.0/en/releasenotes-es-5-0-32.html - Vendor Advisory () http://dev.mysql.com/doc/refman/5.0/en/releasenotes-es-5-0-32.html - Vendor Advisory
References () http://dev.mysql.com/doc/refman/5.1/en/news-5-1-14.html - Vendor Advisory () http://dev.mysql.com/doc/refman/5.1/en/news-5-1-14.html - Vendor Advisory
References () http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html - Third Party Advisory () http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html - Third Party Advisory
References () http://secunia.com/advisories/29443 - Third Party Advisory () http://secunia.com/advisories/29443 - Third Party Advisory
References () http://secunia.com/advisories/30351 - Third Party Advisory () http://secunia.com/advisories/30351 - Third Party Advisory
References () http://secunia.com/advisories/31687 - Third Party Advisory () http://secunia.com/advisories/31687 - Third Party Advisory
References () http://www.redhat.com/support/errata/RHSA-2008-0364.html - Third Party Advisory () http://www.redhat.com/support/errata/RHSA-2008-0364.html - Third Party Advisory
References () http://www.securityfocus.com/bid/28351 - Third Party Advisory, VDB Entry () http://www.securityfocus.com/bid/28351 - Third Party Advisory, VDB Entry
References () http://www.ubuntu.com/usn/usn-588-1 - Third Party Advisory () http://www.ubuntu.com/usn/usn-588-1 - Third Party Advisory
References () https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11720 - Third Party Advisory () https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11720 - Third Party Advisory

Information

Published : 2006-12-31 05:00

Updated : 2024-11-21 00:24


NVD link : CVE-2006-7232

Mitre link : CVE-2006-7232

CVE.ORG link : CVE-2006-7232


JSON object : View

Products Affected

canonical

  • ubuntu_linux

mysql

  • mysql
CWE
CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')