MySQL, when running on Windows, allows remote authenticated users with insert privileges on the mysql.func table to cause a denial of service (server hang) and possibly execute arbitrary code via (1) a request for a non-library file, which causes the Windows LoadLibraryEx function to block, or (2) a request for a function in a library that has the XXX_deinit or XXX_init functions defined but is not tailored for MySQL, such as jpeg1x32.dll and jpeg2x32.dll.
{"id": "CVE-2005-2572", "vendorId": null, "type": "cve", "bulletinFamily": "NVD", "title": "CVE-2005-2572", "description": "MySQL, when running on Windows, allows remote authenticated users with insert privileges on the mysql.func table to cause a denial of service (server hang) and possibly execute arbitrary code via (1) a request for a non-library file, which causes the Windows LoadLibraryEx function to block, or (2) a request for a function in a library that has the XXX_deinit or XXX_init functions defined but is not tailored for mySQL, such as jpeg1x32.dll and jpeg2x32.dll.", "published": "2005-08-16T04:00:00", "modified": "2019-12-17T17:14:00", "cvss": {"score": 8.5, "vector": "AV:N/AC:M/Au:S/C:C/I:C/A:C"}, "cvss2": {"cvssV2": {"version": "2.0", "vectorString": "AV:N/AC:M/Au:S/C:C/I:C/A:C", "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authentication": "SINGLE", "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "baseScore": 8.5}, "severity": "HIGH", "exploitabilityScore": 6.8, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}, "cvss3": {}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-2572", "reporter": "cve@mitre.org", "references": ["http://www.appsecinc.com/resources/alerts/mysql/2005-003.html", "http://secunia.com/advisories/54788", "http://www.securitytracker.com/id/1029010", "http://www.securityfocus.com/bid/62358", "http://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?docId=emr_na-c03897409", "http://marc.info/?l=bugtraq&m=112360818900941&w=2", "https://exchange.xforce.ibmcloud.com/vulnerabilities/21756"], "cvelist": ["CVE-2005-2572"], "immutableFields": [], "lastseen": "2022-03-23T12:18:00", "viewCount": 41, "enchantments": {"dependencies": {"references": [{"type": "nessus", "idList": ["8218.PRM", "MYSQL_USER_DEFINED_FUNCTIONS_RESTRICTIONS.NASL"]}, 
{"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:29808", "SECURITYVULNS:DOC:30182", "SECURITYVULNS:VULN:13282", "SECURITYVULNS:VULN:13501"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2005-2572"]}], "rev": 4}, "score": {"value": 6.5, "vector": "NONE"}, "backreferences": {"references": [{"type": "nessus", "idList": ["MYSQL_USER_DEFINED_FUNCTIONS_RESTRICTIONS.NASL"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:13282"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2005-2572"]}]}, "exploitation": null, "vulnersScore": 6.5}, "_state": {"dependencies": 1659687063, "score": 1659693657}, "_internal": {}, "cna_cvss": {"cna": null, "cvss": {}}, "cpe": ["cpe:/a:oracle:mysql:5.0.33"], "cpe23": ["cpe:2.3:a:oracle:mysql:5.0.33:*:*:*:*:*:*:*"], "cwe": ["NVD-CWE-Other"], "affectedSoftware": [{"cpeName": "oracle:mysql", "version": "5.0.33", "operator": "eq", "name": "oracle mysql"}], "affectedConfiguration": [], "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"operator": "OR", "children": [], "cpe_match": [{"vulnerable": true, "cpe23Uri": "cpe:2.3:a:oracle:mysql:5.0.33:*:*:*:*:*:*:*", "cpe_name": []}]}]}, "extraReferences": [{"url": "http://www.appsecinc.com/resources/alerts/mysql/2005-003.html", "name": "http://www.appsecinc.com/resources/alerts/mysql/2005-003.html", "refsource": "MISC", "tags": ["Vendor Advisory"]}, {"url": "http://secunia.com/advisories/54788", "name": "54788", "refsource": "SECUNIA", "tags": []}, {"url": "http://www.securitytracker.com/id/1029010", "name": "1029010", "refsource": "SECTRACK", "tags": []}, {"url": "http://www.securityfocus.com/bid/62358", "name": "62358", "refsource": "BID", "tags": []}, {"url": "http://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?docId=emr_na-c03897409", "name": "HPSBPV02918", "refsource": "HP", "tags": []}, {"url": "http://marc.info/?l=bugtraq&m=112360818900941&w=2", "name": "20050808 [AppSecInc Advisory MYSQL05-V0003] Multiple Issues with MySQL User Defined Functions", 
"refsource": "BUGTRAQ", "tags": []}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/21756", "name": "mysql-loadlibraryex-dos(21756)", "refsource": "XF", "tags": []}]}
{"ubuntucve": [{"lastseen": "2022-08-04T14:48:25", "description": "MySQL, when running on Windows, allows remote authenticated users with\ninsert privileges on the mysql.func table to cause a denial of service\n(server hang) and possibly execute arbitrary code via (1) a request for a\nnon-library file, which causes the Windows LoadLibraryEx function to block,\nor (2) a request for a function in a library that has the XXX_deinit or\nXXX_init functions defined but is not tailored for mySQL, such as\njpeg1x32.dll and jpeg2x32.dll.", "cvss3": {}, "published": "2005-08-16T00:00:00", "type": "ubuntucve", "title": "CVE-2005-2572", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 6.8, "obtainAllPrivilege": true, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 8.5, "vectorString": "AV:N/AC:M/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2005-2572"], "modified": "2005-08-16T00:00:00", "id": "UB:CVE-2005-2572", "href": "https://ubuntu.com/security/CVE-2005-2572", "cvss": {"score": 8.5, "vector": "AV:N/AC:M/Au:S/C:C/I:C/A:C"}}], "nessus": [{"lastseen": "2021-08-19T12:50:28", "description": "User-defined functions in MySQL can allow a database user to load binary libraries. The insert privilege on the table '/mysql.func' is required for a user to create user-defined functions. It was confirmed that MySQL on the Windows platform (and possibly other platforms, though unverified) is potentially impacted by the following vulnerabilities:\n\n - If an invalid library is requested the Windows function 'LoadLibraryEx' will block processing until an error dialog box is acknowledged on the server. 
It is not likely that non-Windows systems are affected by this particular issue.\n\n - MySQL requires that user-defined libraries contain functions with names fitting the formats: 'XXX_deinit' or 'XXX_init'. However, other libraries are known to contain functions fitting these formats and, when called upon, can cause application crashes, memory corruption and stack pollution.", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2014-04-24T00:00:00", "type": "nessus", "title": "MySQL User Defined Function Detected", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2005-2572"], "modified": "2019-03-06T00:00:00", "cpe": ["cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*"], "id": "8218.PRM", "href": "https://www.tenable.com/plugins/nnm/8218", "sourceData": "Binary data 8218.prm", "cvss": {"score": 8.5, "vector": "CVSS2#AV:N/AC:M/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T12:59:22", "description": "User-defined functions in MySQL can allow a database user to cause binary libraries on the host to be loaded. The insert privilege on the table 'mysql.func' is required for a user to create user-defined functions. When running on Windows and possibly other operating systems, MySQL is potentially affected by the following vulnerabilities:\n\n - If an invalid library is requested the Windows function 'LoadLibraryEx' will block processing until an error dialog box is acknowledged on the server.\n It is not likely that non-Windows systems are affected by this particular issue.\n\n - MySQL requires that user-defined libraries contain functions with names fitting the formats: 'XXX_deinit' or 'XXX_init'. 
However, other libraries are known to contain functions fitting these formats and, when called upon, can cause application crashes, memory corruption and stack pollution.", "cvss3": {"score": null, "vector": null}, "published": "2011-11-18T00:00:00", "type": "nessus", "title": "MySQL User-Defined Functions Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2005-2572"], "modified": "2018-11-15T00:00:00", "cpe": ["cpe:/a:mysql:mysql"], "id": "MYSQL_USER_DEFINED_FUNCTIONS_RESTRICTIONS.NASL", "href": "https://www.tenable.com/plugins/nessus/17698", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif(description)\n{\n script_id(17698);\n script_version(\"1.13\");\n script_cvs_date(\"Date: 2018/11/15 20:50:21\");\n\n script_cve_id(\"CVE-2005-2572\");\n script_bugtraq_id(62358);\n\n script_name(english:\"MySQL User-Defined Functions Multiple Vulnerabilities\");\n script_summary(english:\"Checks for MySQL.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote database server is potentially affected by multiple\nvulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"User-defined functions in MySQL can allow a database user to cause\nbinary libraries on the host to be loaded. The insert privilege on\nthe table 'mysql.func' is required for a user to create user-defined\nfunctions. When running on Windows and possibly other operating\nsystems, MySQL is potentially affected by the following\nvulnerabilities:\n\n - If an invalid library is requested the Windows\n function 'LoadLibraryEx' will block processing until\n an error dialog box is acknowledged on the server.\n It is not likely that non-Windows systems are affected\n by this particular issue.\n\n - MySQL requires that user-defined libraries contain\n functions with names fitting the formats: 'XXX_deinit'\n or 'XXX_init'. 
However, other libraries are known to \n contain functions fitting these formats and, when called\n upon, can cause application crashes, memory corruption\n and stack pollution.\");\n\n script_set_attribute(attribute:\"solution\", value:\n\"There is currently no known fix or patch to address these issues. \nInstead, make sure access to create user-defined functions is\nrestricted.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"see_also\", value:\"https://seclists.org/fulldisclosure/2005/Aug/199\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2005/08/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/11/18\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:mysql:mysql\");\n script_set_attribute(attribute:\"exploited_by_nessus\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(english:\"This script is Copyright (C) 2011-2018 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Databases\");\n\n script_dependencies(\"mysql_version.nasl\", \"mysql_login.nasl\");\n script_require_ports(\"Services/mysql\", 3306);\n script_require_keys(\"Settings/PCI_DSS\");\n exit(0);\n}\n\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"mysql_func.inc\");\n\n# Only PCI considers this an issue.\nif (!get_kb_item(\"Settings/PCI_DSS\")) exit(0, \"PCI-DSS compliance checking is not enabled.\");\n\nport = get_service(svc:\"mysql\", default:3306, exit_on_fail:TRUE);\n\nif (mysql_init(port:port) >= 0)\n{\n # Try to get variant and version\n variant = mysql_get_variant();\n version = mysql_get_version();\n}\nelse exit(0, \"The service on port \"+port+\" does not look like MySQL.\");\n\n# All versions are vulnerable.\nif (report_verbosity > 0)\n{\n if (!isnull(variant) && !isnull(version))\n {\n report =\n '\\n Variant : ' + variant +\n '\\n Installed version : ' + version +\n '\\n';\n datadir = get_kb_item('mysql/' + port + '/datadir');\n if (!empty_or_null(datadir))\n {\n report += ' Data Dir : ' + datadir + '\\n';\n }\n databases = get_kb_item('mysql/' + port + '/databases');\n if (!empty_or_null(databases))\n { \n report += ' Databases :\\n' + databases;\n }\n }\n else\n {\n report = \n '\\nNessus was able to determine a MySQL server is listening on' +\n '\\nthe remote host but unable to determine its version and / or' +\n '\\nvariant.' 
+\n '\\n';\n }\n security_hole(port:port, extra:report);\n}\nelse security_hole(port);\nmysql_close();\n", "cvss": {"score": 8.5, "vector": "AV:N/AC:M/Au:S/C:C/I:C/A:C"}}], "securityvulns": [{"lastseen": "2021-06-08T19:10:16", "description": "Crossite scripting, code execution.", "edition": 2, "cvss3": {}, "published": "2014-01-08T00:00:00", "title": "HP ProCurve Manager multiple security vulnerabilities", "type": "securityvulns", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2005-2572", "CVE-2013-4810", "CVE-2013-4811", "CVE-2013-4809", "CVE-2013-4813", "CVE-2013-4812"], "modified": "2014-01-08T00:00:00", "id": "SECURITYVULNS:VULN:13501", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:13501", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2021-06-08T18:58:44", "description": "Code execution, session reusage, SQL injection.", "edition": 2, "cvss3": {}, "published": "2013-09-11T00:00:00", "title": "HP ProCurve Manager, HP Identity Driven Manager multiple security vulnerabilities", "type": "securityvulns", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2005-2572", "CVE-2013-4810", "CVE-2013-4811", "CVE-2013-4809", "CVE-2013-4813", "CVE-2013-4812"], "modified": "2013-09-11T00:00:00", "id": "SECURITYVULNS:VULN:13282", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:13282", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:10:50", "description": "\r\n\r\n-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\nNote: the current version of the following document is available here:\r\nhttps://h20564.www2.hp.com/portal/site/hpsc/public/kb/\r\ndocDisplay?docId=emr_na-c03897409\r\n\r\nSUPPORT COMMUNICATION - SECURITY BULLETIN\r\n\r\nDocument ID: c03897409\r\nVersion: 2\r\n\r\nHPSBPV02918 rev.2 - HP ProCurve Manager (PCM), HP PCM+ and HP Identity Driven\r\nManager (IDM), SQL 
Injection, Remote Code Execution, Session Reuse\r\n\r\nNOTICE: The information in this Security Bulletin should be acted upon as\r\nsoon as possible.\r\n\r\nRelease Date: 2013-10-15\r\nLast Updated: 2013-10-15\r\n\r\nPotential Security Impact: SQL injection, remote code execution, session\r\nreuse\r\n\r\nSource: Hewlett-Packard Company, HP Software Security Response Team\r\n\r\nVULNERABILITY SUMMARY\r\nPotential security vulnerabilities have been identified with HP ProCurve\r\nManager (PCM), HP PCM+ and HP Identity Driven Manager (IDM). These\r\nvulnerabilities could be exploited remotely to allow SQL injection, remote\r\ncode execution and session reuse.\r\n\r\nReferences: CVE-2005-2572 (SSRT101272)\r\nCVE-2013-4809 (ZDI-CAN-1744, SSRT101132)\r\nCVE-2013-4810 (ZDI-CAN-1760, SSRT101127)\r\nCVE-2013-4811 (ZDI-CAN-1743, SSRT101116)\r\nCVE-2013-4812 (ZDI-CAN-1742, SSRT101115)\r\nCVE-2013-4813 (ZDI-CAN-1745, SSRT101129)\r\n\r\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.\r\nHP ProCurve Manager (PCM) v3.x, v3.20, v4.0\r\nHP PCM+ v3.20, v4.0\r\nHP Identity Driven Manager (IDM) v4.0\r\n\r\nBACKGROUND\r\n\r\nCVSS 2.0 Base Metrics\r\n===========================================================\r\n Reference Base Vector Base Score\r\nCVE-2013-4809 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10\r\nCVE-2013-4810 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10\r\nCVE-2013-4811 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10\r\nCVE-2013-4812 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10\r\nCVE-2013-4813 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10\r\nCVE-2005-2572 (AV:N/AC:M/Au:S/C:C/I:C/A:C) 8.5\r\n===========================================================\r\n Information on CVSS is documented\r\n in HP Customer Notice: HPSN-2008-002\r\n\r\nThe Hewlett-Packard Company thanks Andrea Micalizzi aka rgod for working with\r\nHP's Zero Day Initiative to report CVE-2013-4809, CVE-2013-4810,\r\nCVE-2013-4811, CVE-2013-4812 and CVE-2013-4813 to security-alert@hp.com\r\n\r\nRESOLUTION\r\n\r\nHP has provided updated software to resolve these 
issues. Please used the\r\nAutoUpdate feature of PCM.\r\n\r\nNote about CVE-2005-2572 and PCM v3.X: To address CVE-2005-2572 on PCMv3, a\r\nseparate security tool must be run. This security tool can be found as\r\nfollows. Browse to the HP Networking Support Lookup Tool\r\nhttp://www.hp.com/networking/support :\r\n\r\nEnter a PCM v3.x product number, such as J9173A, J9174A, J9175A, or J9176A\r\ninto the "Auto Search" text box\r\nCheck the appropriate product\r\nPress "Display Selected"\r\nClick "Software Downloads"\r\nIn the "Other" section, there will be a "Security Tools" download which\r\ncontains a zip file with several executables.\r\nTo protect your PCM v3.x installation, use the pcm320-DB-restrict tool. There\r\nare 32bit and 64bit versions available. Please read the release notes\r\nincluded in the Security Tool download.\r\nIMPORTANT: If you will be updating a protected PCM v3 installation to PCM v4,\r\nyou will need to run the pcm320-DB-unrestrict utility prior to updating.\r\n\r\nProduct and Potential Vulnerability\r\n Resolution\r\n HP Branded Products Impacted\r\n\r\nHP IDM v4.00 (CVE-2013-4809, CVE-2013-4810, CVE-2013-4811, CVE-2013-4812)\r\n HP PCM v4.00 AutoUpdate #6 04.00.06.628\r\n J9752A HP PCM+ Identity Driven Manager v4 Software Module with 500-user\r\nLicense\r\n\r\nJ9753A HP PCM+ Identity Driven Manager v4 Software Module with Unlimited-user\r\nLicense\r\n\r\nHP PCM v3.20, HP PCM v4.00 (CVE-2013-4813)\r\n HP PCM v4.00 AutoUpdate #5 04.00.05.612\r\n\r\nHP PCM v3.20 AutoUpdate #8 C.03.20.1741\r\n J9755A HP PCM+ v4 Software Platform with 50-device License\r\n\r\nJ9757A HP PCM+ v4 Software Platform with Unlimited-device License\r\n\r\nJ9173A HP ProCurve Manager Plus 3.0 50 device license upgrade\r\n\r\nJ9174A HP ProCurve Manager Plus 3.0 software with 50 device license\r\n\r\nJ9176A HP ProCurve Manager Plus 3.0 unlimited device license upgrade\r\n\r\nJ9177A HP ProCurve Manager Plus 3.0 software with unlimited device license\r\n\r\nHP PCM v4.00 ( 
CVE-2005-2572)\r\n HP PCM v4.00 AutoUpdate #5 04.00.05.612\r\n J9755A HP PCM+ v4 Software Platform with 50-device License\r\n\r\nJ9757A HP PCM+ v4 Software Platform with Unlimited-device License\r\n\r\nHP PCM v3.x ( CVE-2005-2572)\r\n HP PCM v3.x see Resolution text above.\r\n J9173A HP ProCurve Manager Plus 3.0 50 device license upgrade\r\n\r\nJ9174A HP ProCurve Manager Plus 3.0 software with 50 device license\r\n\r\nJ9176A HP ProCurve Manager Plus 3.0 unlimited device license upgrade\r\n\r\nJ9177A HP ProCurve Manager Plus 3.0 software with unlimited device license\r\n\r\nHISTORY\r\nVersion:1 (rev.1) - 9 September 2013 Initial release\r\nVersion:2 (rev.2) - 15 October 2013 Added PCM v3\r\n\r\nThird Party Security Patches: Third party security patches that are to be\r\ninstalled on systems running HP software products should be applied in\r\naccordance with the customer's patch management policy.\r\n\r\nSupport: For issues about implementing the recommendations of this Security\r\nBulletin, contact normal HP Services support channel. 
For other issues about\r\nthe content of this Security Bulletin, send e-mail to security-alert@hp.com.\r\n\r\nReport: To report a potential security vulnerability with any HP supported\r\nproduct, send Email to: security-alert@hp.com\r\n\r\nSubscribe: To initiate a subscription to receive future HP Security Bulletin\r\nalerts via Email:\r\nhttp://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins\r\n\r\nSecurity Bulletin Archive: A list of recently released Security Bulletins is\r\navailable here:\r\nhttps://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/\r\n\r\nSoftware Product Category: The Software Product Category is represented in\r\nthe title by the two characters following HPSB.\r\n\r\n3C = 3COM\r\n3P = 3rd Party Software\r\nGN = HP General Software\r\nHF = HP Hardware and Firmware\r\nMP = MPE/iX\r\nMU = Multi-Platform Software\r\nNS = NonStop Servers\r\nOV = OpenVMS\r\nPI = Printing and Imaging\r\nPV = ProCurve\r\nST = Storage Software\r\nTU = Tru64 UNIX\r\nUX = HP-UX\r\n\r\nCopyright 2013 Hewlett-Packard Development Company, L.P.\r\nHewlett-Packard Company shall not be liable for technical or editorial errors\r\nor omissions contained herein. The information provided is provided "as is"\r\nwithout warranty of any kind. To the extent permitted by law, neither HP or\r\nits affiliates, subcontractors or suppliers will be liable for\r\nincidental,special or consequential damages including downtime cost; lost\r\nprofits;damages relating to the procurement of substitute products or\r\nservices; or damages for loss of data, or software restoration. The\r\ninformation in this document is subject to change without notice.\r\nHewlett-Packard Company and the names of Hewlett-Packard products referenced\r\nherein are trademarks of Hewlett-Packard Company in the United States and\r\nother countries. 
Other product and company names mentioned herein may be\r\ntrademarks of their respective owners.\r\n\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.13 (GNU/Linux)\r\n\r\niEYEARECAAYFAlJdvz4ACgkQ4B86/C0qfVmLhwCghN6a1Opqqcbd3dLqlnnfQWci\r\nUR8AoIhyX+Ht4By5+4v503IdvTZKcaWg\r\n=3nFW\r\n-----END PGP SIGNATURE-----\r\n", "edition": 1, "cvss3": {}, "published": "2014-01-08T00:00:00", "title": "[security bulletin] HPSBPV02918 rev.2 - HP ProCurve Manager (PCM), HP PCM+ and HP Identity Driven Manager (IDM), SQL Injection, Remote Code Execution, Session Reuse", "type": "securityvulns", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2005-2572", "CVE-2013-4810", "CVE-2013-4811", "CVE-2013-4809", "CVE-2013-4813", "CVE-2013-4812"], "modified": "2014-01-08T00:00:00", "id": "SECURITYVULNS:DOC:30182", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:30182", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:10:49", "description": "\r\n\r\n-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\nNote: the current version of the following document is available here:\r\nhttps://h20564.www2.hp.com/portal/site/hpsc/public/kb/\r\ndocDisplay?docId=emr_na-c03897409\r\n\r\nSUPPORT COMMUNICATION - SECURITY BULLETIN\r\n\r\nDocument ID: c03897409\r\nVersion: 1\r\n\r\nHPSBPV02918 rev.1 - HP ProCurve Manager (PCM), HP PCM+ and HP Identity Driven\r\nManager (IDM), SQL Injection, Remote Code Execution, Session Reuse\r\n\r\nNOTICE: The information in this Security Bulletin should be acted upon as\r\nsoon as possible.\r\n\r\nRelease Date: 2013-09-09\r\nLast Updated: 2013-09-09\r\n\r\nPotential Security Impact: SQL injection, remote code execution, session\r\nreuse\r\n\r\nSource: Hewlett-Packard Company, HP Software Security Response Team\r\n\r\nVULNERABILITY SUMMARY\r\nPotential security vulnerabilities have been identified with HP ProCurve\r\nManager (PCM), HP PCM+ and HP Identity Driven 
Manager (IDM). These\r\nvulnerabilities could be exploited remotely to allow SQL injection, remote\r\ncode execution and session reuse.\r\n\r\nReferences: CVE-2005-2572 (SSRT101272)\r\nCVE-2013-4809 (ZDI-CAN-1744, SSRT101132)\r\nCVE-2013-4810 (ZDI-CAN-1760, SSRT101127)\r\nCVE-2013-4811 (ZDI-CAN-1743, SSRT101116)\r\nCVE-2013-4812 (ZDI-CAN-1742, SSRT101115)\r\nCVE-2013-4813 (ZDI-CAN-1745, SSRT101129)\r\n\r\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.\r\nHP ProCurve Manager (PCM) v3.20, v4.0\r\nHP PCM+ v3.20, v4.0\r\nHP Identity Driven Manager (IDM) v4.0\r\n\r\nBACKGROUND\r\n\r\nCVSS 2.0 Base Metrics\r\n===========================================================\r\n Reference Base Vector Base Score\r\nCVE-2013-4809 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10\r\nCVE-2013-4810 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10\r\nCVE-2013-4811 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10\r\nCVE-2013-4812 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10\r\nCVE-2013-4813 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10\r\nCVE-2005-2572 (AV:N/AC:M/Au:S/C:C/I:C/A:C) 8.5\r\n===========================================================\r\n Information on CVSS is documented\r\n in HP Customer Notice: HPSN-2008-002\r\n\r\nThe Hewlett-Packard Company thanks Andrea Micalizzi aka rgod for working with\r\nHP's Zero Day Initiative to report CVE-2013-4809, CVE-2013-4810,\r\nCVE-2013-4811, CVE-2013-4812 and CVE-2013-4813 to security-alert@hp.com\r\n\r\nRESOLUTION\r\n\r\nHP has provided updated software to resolve these issues. Please used the\r\nAutoUpdate feature of PCM. 
Product and Potential Vulnerability\r\n Resolution\r\n HP Branded Products Impacted\r\n\r\nHP IDM v4.00 (CVE-2013-4809, CVE-2013-4810, CVE-2013-4811, CVE-2013-4812)\r\n HP PCM v4.00 AutoUpdate #6 04.00.06.628\r\n J9752A HP PCM+ Identity Driven Manager v4 Software Module with 500-user\r\nLicense\r\n\r\nJ9753A HP PCM+ Identity Driven Manager v4 Software Module with Unlimited-user\r\nLicense\r\n\r\nHP PCM v3.20, HP PCM v4.00 (CVE-2013-4813)\r\n HP PCM v4.00 AutoUpdate #5 04.00.05.612\r\n\r\nHP PCM v3.20 AutoUpdate #8 C.03.20.1741\r\n J9755A HP PCM+ v4 Software Platform with 50-device License\r\n\r\nJ9757A HP PCM+ v4 Software Platform with Unlimited-device License\r\n\r\nJ9173A HP ProCurve Manager Plus 3.0 50 device license upgrade\r\n\r\nJ9174A HP ProCurve Manager Plus 3.0 software with 50 device license\r\n\r\nJ9176A HP ProCurve Manager Plus 3.0 unlimited device license upgrade\r\n\r\nJ9177A HP ProCurve Manager Plus 3.0 software with unlimited device license\r\n\r\nHP PCM v4.00 ( CVE-2005-2572)\r\n HP PCM v4.00 AutoUpdate #5 04.00.05.612\r\n J9755A HP PCM+ v4 Software Platform with 50-device License\r\n\r\nJ9757A HP PCM+ v4 Software Platform with Unlimited-device License\r\n\r\nHISTORY\r\nVersion:1 (rev.1) - 9 September 2013 Initial release\r\n\r\nThird Party Security Patches: Third party security patches that are to be\r\ninstalled on systems running HP software products should be applied in\r\naccordance with the customer's patch management policy.\r\n\r\nSupport: For issues about implementing the recommendations of this Security\r\nBulletin, contact normal HP Services support channel. 
For other issues about\r\nthe content of this Security Bulletin, send e-mail to security-alert@hp.com.\r\n\r\nReport: To report a potential security vulnerability with any HP supported\r\nproduct, send Email to: security-alert@hp.com\r\n\r\nSubscribe: To initiate a subscription to receive future HP Security Bulletin\r\nalerts via Email:\r\nhttp://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins\r\n\r\nSecurity Bulletin Archive: A list of recently released Security Bulletins is\r\navailable here:\r\nhttps://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/\r\n\r\nSoftware Product Category: The Software Product Category is represented in\r\nthe title by the two characters following HPSB.\r\n\r\n3C = 3COM\r\n3P = 3rd Party Software\r\nGN = HP General Software\r\nHF = HP Hardware and Firmware\r\nMP = MPE/iX\r\nMU = Multi-Platform Software\r\nNS = NonStop Servers\r\nOV = OpenVMS\r\nPI = Printing and Imaging\r\nPV = ProCurve\r\nST = Storage Software\r\nTU = Tru64 UNIX\r\nUX = HP-UX\r\n\r\nCopyright 2013 Hewlett-Packard Development Company, L.P.\r\nHewlett-Packard Company shall not be liable for technical or editorial errors\r\nor omissions contained herein. The information provided is provided "as is"\r\nwithout warranty of any kind. To the extent permitted by law, neither HP or\r\nits affiliates, subcontractors or suppliers will be liable for\r\nincidental,special or consequential damages including downtime cost; lost\r\nprofits;damages relating to the procurement of substitute products or\r\nservices; or damages for loss of data, or software restoration. The\r\ninformation in this document is subject to change without notice.\r\nHewlett-Packard Company and the names of Hewlett-Packard products referenced\r\nherein are trademarks of Hewlett-Packard Company in the United States and\r\nother countries. 
Other product and company names mentioned herein may be\r\ntrademarks of their respective owners.\r\n\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.13 (GNU/Linux)\r\n\r\niEYEARECAAYFAlIuBgcACgkQ4B86/C0qfVlvcwCggBleIQ2jJ5kVsOs0jnnfN0nJ\r\njqkAnjs4Po+SPJx4rm+WXolFai2juOmy\r\n=5yU4\r\n-----END PGP SIGNATURE-----\r\n\r\n", "edition": 1, "cvss3": {}, "published": "2013-09-11T00:00:00", "title": "[security bulletin] HPSBPV02918 rev.1 - HP ProCurve Manager (PCM), HP PCM+ and HP Identity Driven Manager (IDM), SQL Injection, Remote Code Execution, Session Reuse", "type": "securityvulns", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2005-2572", "CVE-2013-4810", "CVE-2013-4811", "CVE-2013-4809", "CVE-2013-4813", "CVE-2013-4812"], "modified": "2013-09-11T00:00:00", "id": "SECURITYVULNS:DOC:29808", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:29808", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}