CVE Reference: CVE-2005-0710

NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE:
CVE-2005-0710

Description:
MySQL 4.0.23 and earlier, and 4.1.x up to 4.1.10, allows remote authenticated users with INSERT and DELETE privileges to bypass library path restrictions and execute arbitrary libraries by using INSERT INTO to modify the mysql.func table, which is processed by the udf_init function.

CVE Status:
Candidate

References:

XF
  http://xforce.iss.net/xforce/xfdb/19658

VULNWATCH
  http://archives.neohapsis.com/archives/vulnwatch/2005-q1/0083.html

UBUNTU
  http://www.ubuntulinux.org/support/documentation/usn/usn-96-1

TRUSTIX
  http://www.trustix.org/errata/2005/0009/

SUSE
  http://www.novell.com/linux/security/advisories/2005_19_mysql.html

SUNALERT
  http://sunsolve.sun.com/search/document.do?assetkey=1-26-101864-1

REDHAT
  http://www.redhat.com/support/errata/RHSA-2005-348.html
  http://www.redhat.com/support/errata/RHSA-2005-334.html

OVAL
  http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10180

MANDRAKE
  http://www.mandriva.com/security/advisories?name=MDKSA-2005:060

GENTOO
  http://www.gentoo.org/security/en/glsa/glsa-200503-19.xml

DEBIAN
  http://www.debian.org/security/2005/dsa-707

BUGTRAQ
  http://marc.theaimsgroup.com/?l=bugtraq&m=111065974004648&w=2

BID
  12781

APPLE
  http://lists.apple.com/archives/security-announce/2005//Aug/msg00001.html
  http://lists.apple.com/archives/security-announce/2005/Aug/msg00000.html


Return to the previous page.