CVE-2005-0709 Information

Description

MySQL 4.0.23 and earlier and 4.1.x up to 4.1.10 allows remote authenticated users with INSERT and DELETE privileges to execute arbitrary code by using CREATE FUNCTION to access libc calls, as demonstrated by using strcat, on_exit, and exit.

Reference

http://archives.neohapsis.com/archives/vulnwatch/2005-q1/0084.html
http://lists.apple.com/archives/security-announce/2005//Aug/msg00001.html
http://lists.apple.com/archives/security-announce/2005/Aug/msg00000.html
http://marc.info/?l=bugtraq&m=111066115808506&w=2
http://sunsolve.sun.com/search/document.do?assetkey=1-26-101864-1
http://www.debian.org/security/2005/dsa-707
http://www.gentoo.org/security/en/glsa/glsa-200503-19.xml
http://www.mandriva.com/security/advisories?name=MDKSA-2005:060
http://www.novell.com/linux/security/advisories/2005_19_mysql.html
http://www.redhat.com/support/errata/RHSA-2005-334.html
http://www.redhat.com/support/errata/RHSA-2005-348.html
http://www.securityfocus.com/bid/12781
http://www.trustix.org/errata/2005/0009/
https://oval.cisecurity.org/repository/search/definition/oval3Aorg.mitre.oval3Adef3A10479
https://usn.ubuntu.com/96-1/
