CVE-2007-1420
published 2007-03-12
CVE-2007-1420: MySQL 5.x before 5.0.36 allows local users to cause a denial of service (database crash) by performing information_schema table subselects and using ORDER BY…
Priority P4 · 10 · low · 2.1 · CVSS 2.0
AV:L/AC:L/Au:N/C:N/I:N/A:P
EXPLOIT
EPSS: 0.98% (57.9th percentile)
MySQL 5.x before 5.0.36 allows local users to cause a denial of service (database crash) by performing information_schema table subselects and using ORDER BY to sort a single-row result, which prevents certain structure elements from being initialized and triggers a NULL dereference in the filesort function.
Affected
18 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| mysql | mysql | <= 5.0.33 | — |
| mysql | mysql | — | — |
| mysql | mysql | — | — |
| mysql | mysql | — | — |
| mysql | mysql | — | — |
| mysql | mysql | — | — |
| mysql | mysql | — | — |
| mysql | mysql | — | — |
| mysql | mysql | — | — |
| mysql | mysql | — | — |
| mysql | mysql | — | — |
| mysql | mysql | — | — |
| mysql | mysql | — | — |
| mysql | mysql | — | — |
| oracle | mysql | — | — |
| oracle | mysql | — | — |
| oracle | mysql | — | — |
| oracle | mysql | — | — |
CVSS provenance
nvd · v2.0 · 2.1 LOW · AV:L/AC:L/Au:N/C:N/I:N/A:P
vendor_redhat · 2.1 LOW
Ubuntu
MySQL vulnerability
vendor_ubuntu·2007-03-22
CVE-2007-1420 MySQL vulnerability
Title: MySQL vulnerability
Summary: MySQL vulnerability
Stefan Streichbier and B. Mueller of SEC Consult discovered that MySQL
subselect queries using "ORDER BY" could be made to crash the MySQL
server. An attacker with access to a MySQL instance could cause an
intermittent denial of service.
Instructions: In general, a standard system upgrade is sufficient to effect the
necessary changes.
Red Hat
Single MySQL worker can be crashed (NULL deref) with certain SELECT statements
vendor_redhat·2007-03-09·CVSS 2.1
CVE-2007-1420 [LOW] CWE-476 Single MySQL worker can be crashed (NULL deref) with certain SELECT statements
Statement: This issue did not affect mysql packages as shipped in Red Hat Enterprise Linux 2.1, 3, and 4.
GHSA
GHSA-gf4h-r5mj-gf9j: MySQL 5
ghsa_unreviewed·2022-05-01
CVE-2007-1420 [LOW] GHSA-gf4h-r5mj-gf9j: MySQL 5
No detection rules found.
Bugzilla
CVE-2007-1420 Single MySQL worker can be crashed (NULL deref) with certain SELECT statements
bugzilla·2007-03-16·CVSS 2.1
CVE-2007-1420 [LOW] CVE-2007-1420 Single MySQL worker can be crashed (NULL deref) with certain SELECT statements
+++ This bug was initially created as a clone of Bug #232603 +++
Description of problem:
A NULL pointer dereference occurs after issuing the SELECT statements
below. Security impact is very limited, as only one worker crashes, leaving
the server running and ready for service. Additionally, an attacker must be
authenticated and permitted to execute arbitrary SELECT statements.
Version-Release number of selected component (if applicable):
Does not affect MySQL 4.
How reproducible:
Always, by an authenticated user.
Steps to Reproduce:
SELECT ASCII((SELECT table_name FROM information_schema.columns ORDER BY 1));
SELECT TRIM(LEADING FROM (SELECT table_name FROM information_schema.columns
ORDER
Bugzilla
CVE-2007-1420 Single MySQL worker can be crashed (NULL deref) with certain SELECT statements
bugzilla·2007-03-16·CVSS 2.1
CVE-2007-1420 [LOW] CVE-2007-1420 Single MySQL worker can be crashed (NULL deref) with certain SELECT statements
Description of problem:
A NULL pointer dereference occurs after issuing the SELECT statements
below. Security impact is very limited, as only one worker crashes, leaving
the server running and ready for service. Additionally, an attacker must be
authenticated and permitted to execute arbitrary SELECT statements.
Version-Release number of selected component (if applicable):
Does not affect MySQL 4.
How reproducible:
Always, by an authenticated user.
Steps to Reproduce:
SELECT ASCII((SELECT table_name FROM information_schema.columns ORDER BY 1));
SELECT TRIM(LEADING FROM (SELECT table_name FROM information_schema.columns
ORDER BY 1));
SELECT SUBSTR((SELECT table_name FROM information_schema.t
http://bugs.mysql.com/bug.php?id=24630
http://dev.mysql.com/doc/refman/5.0/en/releasenotes-es-5-0-36.html
http://secunia.com/advisories/24483
http://secunia.com/advisories/24609
http://secunia.com/advisories/25196
http://secunia.com/advisories/25389
http://secunia.com/advisories/25946
http://secunia.com/advisories/30351
http://security.gentoo.org/glsa/glsa-200705-11.xml
http://securityreason.com/securityalert/2413
http://www.mandriva.com/security/advisories?name=MDKSA-2007:139
http://www.redhat.com/support/errata/RHSA-2008-0364.html
http://www.sec-consult.com/284.html
http://www.securityfocus.com/archive/1/462339/100/0/threaded
http://www.securityfocus.com/bid/22900
http://www.securitytracker.com/id?1017746
http://www.ubuntu.com/usn/usn-440-1
http://www.vupen.com/english/advisories/2007/0908
https://issues.rpath.com/browse/RPL-1127
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9530