CVSS2
Attack Vector: LOCAL
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P

AI Score
Confidence: High

EPSS
Percentile: 99.7%

MySQL 4.0.23 and earlier, and 4.1.x up to 4.1.10, allows remote authenticated users with INSERT and DELETE privileges to execute arbitrary code by using CREATE FUNCTION to access libc calls, as demonstrated by using strcat, on_exit, and exit.
Vendor | Product | Version | CPE |
---|---|---|---|
mysql | mysql | 4.1.0 | cpe:2.3:a:mysql:mysql:4.1.0:*:*:*:*:*:*:* |
mysql | mysql | 4.1.3 | cpe:2.3:a:mysql:mysql:4.1.3:*:*:*:*:*:*:* |
mysql | mysql | 4.1.10 | cpe:2.3:a:mysql:mysql:4.1.10:*:*:*:*:*:*:* |
oracle | mysql | 3.23.49 | cpe:2.3:a:oracle:mysql:3.23.49:*:*:*:*:*:*:* |
oracle | mysql | 4.0.0 | cpe:2.3:a:oracle:mysql:4.0.0:*:*:*:*:*:*:* |
oracle | mysql | 4.0.1 | cpe:2.3:a:oracle:mysql:4.0.1:*:*:*:*:*:*:* |
oracle | mysql | 4.0.2 | cpe:2.3:a:oracle:mysql:4.0.2:*:*:*:*:*:*:* |
oracle | mysql | 4.0.3 | cpe:2.3:a:oracle:mysql:4.0.3:*:*:*:*:*:*:* |
oracle | mysql | 4.0.4 | cpe:2.3:a:oracle:mysql:4.0.4:*:*:*:*:*:*:* |
oracle | mysql | 4.0.5 | cpe:2.3:a:oracle:mysql:4.0.5:*:*:*:*:*:*:* |
archives.neohapsis.com/archives/vulnwatch/2005-q1/0084.html
lists.apple.com/archives/security-announce/2005//Aug/msg00001.html
lists.apple.com/archives/security-announce/2005/Aug/msg00000.html
marc.info/?l=bugtraq&m=111066115808506&w=2
sunsolve.sun.com/search/document.do?assetkey=1-26-101864-1
www.debian.org/security/2005/dsa-707
www.gentoo.org/security/en/glsa/glsa-200503-19.xml
www.mandriva.com/security/advisories?name=MDKSA-2005:060
www.novell.com/linux/security/advisories/2005_19_mysql.html
www.redhat.com/support/errata/RHSA-2005-334.html
www.redhat.com/support/errata/RHSA-2005-348.html
www.securityfocus.com/bid/12781
www.trustix.org/errata/2005/0009/
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10479
usn.ubuntu.com/96-1/