CVE - CVE-2005-0710

CVE-ID
CVE-2005-0710	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
MySQL 4.0.23 and earlier, and 4.1.x up to 4.1.10, allows remote authenticated users with INSERT and DELETE privileges to bypass library path restrictions and execute arbitrary libraries by using INSERT INTO to modify the mysql.func table, which is processed by the udf_init function.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
MISC:101864 URL:~~http://sunsolve.sun.com/search/document.do?assetkey=1-26-101864-1~~ (Obsolete source) MISC:12781 URL:http://www.securityfocus.com/bid/12781 MISC:2005-0009 URL:~~http://www.trustix.org/errata/2005/0009/~~ (Obsolete source - check if archived by the Wayback Machine) MISC:20050310 Mysql CREATE FUNCTION mysql.func table arbitrary library injection URL:http://archives.neohapsis.com/archives/vulnwatch/2005-q1/0083.html MISC:20050310 Mysql CREATE FUNCTION mysql.func table arbitrary library injection URL:http://marc.info/?l=bugtraq&m=111065974004648&w=2 MISC:APPLE-SA-2005-08-15 URL:http://lists.apple.com/archives/security-announce/2005/Aug/msg00000.html MISC:APPLE-SA-2005-08-17 URL:http://lists.apple.com/archives/security-announce/2005//Aug/msg00001.html MISC:DSA-707 URL:http://www.debian.org/security/2005/dsa-707 MISC:GLSA-200503-19 URL:http://www.gentoo.org/security/en/glsa/glsa-200503-19.xml MISC:MDKSA-2005:060 URL:~~http://www.mandriva.com/security/advisories?name=MDKSA-2005:060~~ (Obsolete source) MISC:RHSA-2005:334 URL:http://www.redhat.com/support/errata/RHSA-2005-334.html MISC:RHSA-2005:348 URL:http://www.redhat.com/support/errata/RHSA-2005-348.html MISC:SUSE-SA:2005:019 URL:http://www.novell.com/linux/security/advisories/2005_19_mysql.html MISC:USN-96-1 URL:https://usn.ubuntu.com/96-1/ MISC:mysql-udfinit-gain-access(19658) URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/19658 MISC:oval:org.mitre.oval:def:10180 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10180
Assigning CNA
Red Hat, Inc.
Date Record Created
20050311	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20050311)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)