CVE-2005-0709
published 2005-05-02CVE-2005-0709: MySQL 4.0.23 and earlier, and 4.1.x up to 4.1.10, allows remote authenticated users with INSERT and DELETE privileges to execute arbitrary code by using CREATE…
PriorityP336medium4.6CVSS 2.0
AVLACLAuNCPIPAP
EXPLOIT
EPSS
18.44%
96.9th percentile
MySQL 4.0.23 and earlier, and 4.1.x up to 4.1.10, allows remote authenticated users with INSERT and DELETE privileges to execute arbitrary code by using CREATE FUNCTION to access libc calls, as demonstrated by using strcat, on_exit, and exit.
Affected
30 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| mysql | mysql | — | — |
| mysql | mysql | — | — |
| mysql | mysql | — | — |
| oracle | mysql | — | — |
| oracle | mysql | — | — |
| oracle | mysql | — | — |
| oracle | mysql | — | — |
| oracle | mysql | — | — |
| oracle | mysql | — | — |
| oracle | mysql | — | — |
| oracle | mysql | — | — |
| oracle | mysql | — | — |
| oracle | mysql | — | — |
| oracle | mysql | — | — |
| oracle | mysql | — | — |
| oracle | mysql | — | — |
| oracle | mysql | — | — |
| oracle | mysql | — | — |
| oracle | mysql | — | — |
| oracle | mysql | — | — |
| oracle | mysql | — | — |
| oracle | mysql | — | — |
| oracle | mysql | — | — |
| oracle | mysql | — | — |
| oracle | mysql | — | — |
CVSS provenance
nvdv2.04.6MEDIUMAV:L/AC:L/Au:N/C:P/I:P/A:P
vendor_redhat4.6MEDIUM
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Ubuntu
mySQL vulnerabilities
vendor_ubuntu·2005-03-16
CVE-2005-0711 mySQL vulnerabilities
Title: mySQL vulnerabilities
Summary: mySQL vulnerabilities
Stefano Di Paola discovered three privilege escalation flaws in the MySQL
server:
- If an authenticated user had INSERT privileges on the 'mysql' administrative
database, the CREATE FUNCTION command allowed that user to use libc functions
to execute arbitrary code with the privileges of the database server (user
'mysql'). (CAN-2005-0709)
- If an authenticated user had INSERT privileges on the 'mysql' administrative
database, it was possible to load a library located in an arbitrary directory
by using INSERT INTO mysql.func instead of CREATE FUNCTION. This allowed the
user to execute arbitrary code with the privileges of the database server (user
'mysql'). (CAN-2005-0710)
- Temporary files belonging to tables created with CREA
Red Hat
security flaw
vendor_redhat·2005-03-11·CVSS 4.6
CVE-2005-0709 [MEDIUM] security flaw
security flaw
MySQL 4.0.23 and earlier, and 4.1.x up to 4.1.10, allows remote authenticated users with INSERT and DELETE privileges to execute arbitrary code by using CREATE FUNCTION to access libc calls, as demonstrated by using strcat, on_exit, and exit.
GHSA
GHSA-3x8w-p58r-45ff: MySQL 4
ghsa_unreviewed·2022-05-01
CVE-2005-0709 [MEDIUM] CWE-94 GHSA-3x8w-p58r-45ff: MySQL 4
MySQL 4.0.23 and earlier, and 4.1.x up to 4.1.10, allows remote authenticated users with INSERT and DELETE privileges to execute arbitrary code by using CREATE FUNCTION to access libc calls, as demonstrated by using strcat, on_exit, and exit.
No detection rules found.
http://archives.neohapsis.com/archives/vulnwatch/2005-q1/0084.htmlhttp://lists.apple.com/archives/security-announce/2005//Aug/msg00001.htmlhttp://lists.apple.com/archives/security-announce/2005/Aug/msg00000.htmlhttp://marc.info/?l=bugtraq&m=111066115808506&w=2http://sunsolve.sun.com/search/document.do?assetkey=1-26-101864-1http://www.debian.org/security/2005/dsa-707http://www.gentoo.org/security/en/glsa/glsa-200503-19.xmlhttp://www.mandriva.com/security/advisories?name=MDKSA-2005:060http://www.novell.com/linux/security/advisories/2005_19_mysql.htmlhttp://www.redhat.com/support/errata/RHSA-2005-334.htmlhttp://www.redhat.com/support/errata/RHSA-2005-348.htmlhttp://www.securityfocus.com/bid/12781http://www.trustix.org/errata/2005/0009/https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10479https://usn.ubuntu.com/96-1/http://archives.neohapsis.com/archives/vulnwatch/2005-q1/0084.htmlhttp://lists.apple.com/archives/security-announce/2005//Aug/msg00001.htmlhttp://lists.apple.com/archives/security-announce/2005/Aug/msg00000.htmlhttp://marc.info/?l=bugtraq&m=111066115808506&w=2http://sunsolve.sun.com/search/document.do?assetkey=1-26-101864-1http://www.debian.org/security/2005/dsa-707http://www.gentoo.org/security/en/glsa/glsa-200503-19.xmlhttp://www.mandriva.com/security/advisories?name=MDKSA-2005:060http://www.novell.com/linux/security/advisories/2005_19_mysql.htmlhttp://www.redhat.com/support/errata/RHSA-2005-334.htmlhttp://www.redhat.com/support/errata/RHSA-2005-348.htmlhttp://www.securityfocus.com/bid/12781http://www.trustix.org/errata/2005/0009/https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10479https://usn.ubuntu.com/96-1/
2005-05-02
Published