sql_select.cc in MySQL 5.0.x before 5.0.32 and 5.1.x before 5.1.14 allows remote authenticated users to cause a denial of service (crash) via an EXPLAIN SELECT FROM on the INFORMATION_SCHEMA table, as originally demonstrated using ORDER BY.
The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
Link | Tags |
---|---|
http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html | third party advisory, vendor advisory |
http://dev.mysql.com/doc/refman/5.1/en/news-5-1-14.html | vendor advisory |
http://secunia.com/advisories/29443 | third party advisory |
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11720 | signature, third party advisory, vdb entry |
http://secunia.com/advisories/31687 | third party advisory |
http://bugs.mysql.com/bug.php?id=22413 | patch, vendor advisory |
http://www.securityfocus.com/bid/28351 | third party advisory, vdb entry |
http://secunia.com/advisories/30351 | third party advisory |
http://dev.mysql.com/doc/refman/5.0/en/releasenotes-es-5-0-32.html | vendor advisory |
http://www.ubuntu.com/usn/usn-588-1 | third party advisory, vendor advisory |
http://www.redhat.com/support/errata/RHSA-2008-0364.html | third party advisory, vendor advisory |