|
|
CVE Reference: CVE-2005-2573 |
|
| NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE. | |
|
Original Page at CVE MITRE: CVE-2005-2573 |
|
|
Description: The mysql_create_function function in sql_udf.cc for MySQL 4.0 before 4.0.25, 4.1 before 4.1.13, and 5.0 before 5.0.7-beta, when running on Windows, uses an incomplete blacklist in a directory traversal check, which allows attackers to include arbitrary files via the backslash (\) character. |
|
|
CVE Status: Candidate |
|
|
References: XF http://xforce.iss.net/xforce/xfdb/21738 MISC http://www.appsecinc.com/resources/alerts/mysql/2005-001.html FULLDISC http://lists.grok.org.uk/pipermail/full-disclosure/2005-August/035847.html CONFIRM http://mysql.bkbits.net:8080/mysql-4.0/gnupatch@428b981bg2iwh3CbGANDaF-W6DbttA http://mysql.bkbits.net:8080/mysql-4.0/cset@428b981bg2iwh3CbGANDaF-W6DbttA BUGTRAQ http://marc.theaimsgroup.com/?l=bugtraq&m=112360618320729&w=2 |
|
| Return to the previous page. |
