4 matches found
MySQL udf_init function 信息泄露
MySQL 4.0.23 及之前版本与 4.1.10 及之前的版本存在一个信息泄露的弱点. 这个弱点的问题存在 sqludf.cc 中 udfinit function 在检查资料夹区分时缺乏适当的验证, 导致讯息 漏的弱点. 当本地端攻击者是拥有 INSERT 和 DELETE 的权限时, 可以利用 CREATE FUNCTION 来呼叫 libc 程式库, 进而执行任意的程式码. MySQL 4.0.23 及之前版本与 4.1.10 及之前的版本 参考 MySQL 4.0 与 4.1 Downloads, 升级到 4.0.24 或 4.1 .10a 或 最新的 MySql 版本...
CVE-2005-0710
MySQL 4.0.23 and earlier, and 4.1.x up to 4.1.10, allows remote authenticated users with INSERT and DELETE privileges to bypass library path restrictions and execute arbitrary libraries by using INSERT INTO to modify the mysql.func table, which is processed by the udfinit function...
security flaw
MySQL 4.0.23 and earlier, and 4.1.x up to 4.1.10, allows remote authenticated users with INSERT and DELETE privileges to bypass library path restrictions and execute arbitrary libraries by using INSERT INTO to modify the mysql.func table, which is processed by the udfinit function...
CVE-2005-0710
CVE-2005-0710: MySQL <= 4.0.23 and