Short Name | DB:MYSQL:CREATE-FUNCTION
Severity | Major
Recommended | No
Recommended Action | Drop
Category | DB
Keywords | MYSQL Create Function Detection
Release Date | 2005/04/11
Update Number | 1213
Supported Platforms | idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+
DB: MYSQL Create Function Detection
This signature detects attempts to exploit a known vulnerability in MySQL. Attackers can conduct a symbolic link attack that might result in a denial-of-service condition or allow arbitrary code execution.
Extended Description
MySQL is reported prone to multiple vulnerabilities that can be exploited by a remote authenticated attacker. The following individual issues are reported:
- Insecure temporary file-creation vulnerability. Reports indicate that an attacker with 'CREATE TEMPORARY TABLE' privileges on an affected installation may leverage this vulnerability to corrupt files with the privileges of the MySQL process.
- Input-validation vulnerability. Remote attackers with INSERT and DELETE privileges on the 'mysql' administrative database can exploit this. Reports indicate that this issue may be leveraged to load and execute a malicious library in the context of the MySQL process.
- Remote arbitrary-code execution vulnerability. Reportedly, the vulnerability may be triggered by employing the 'CREATE FUNCTION' statement to manipulate functions to control sensitive data structures. This issue may be exploited to execute arbitrary code in the context of the database process.
These issues are reported to exist in MySQL versions prior to MySQL 4.0.24 and 4.1.10a.
Affected Products
- Alt_linux alt_linux_compact 2.3.0
- Alt_linux alt_linux_junior 2.3.0
- Apple mac_os_x_server 10.3.9
- Conectiva linux 10.0.0
- Conectiva linux 9.0.0
- Gentoo linux
- Mandriva corporate_server 2.1.0
- Mandriva corporate_server 2.1.0 X86 64
- Microsoft windows_2000_professional SP4
- Mysql_ab mysql 3.23.49
- Mysql_ab mysql 4.0.0 .0
- Mysql_ab mysql 4.0.1
- Mysql_ab mysql 4.0.10
- Mysql_ab mysql 4.0.11
- Mysql_ab mysql 4.0.11 -Gamma
- Mysql_ab mysql 4.0.12
- Mysql_ab mysql 4.0.13
- Mysql_ab mysql 4.0.14
- Mysql_ab mysql 4.0.15
- Mysql_ab mysql 4.0.18
- Mysql_ab mysql 4.0.2
- Mysql_ab mysql 4.0.20
- Mysql_ab mysql 4.0.21
- Mysql_ab mysql 4.0.3
- Mysql_ab mysql 4.0.4
- Mysql_ab mysql 4.0.5
- Mysql_ab mysql 4.0.5 A
- Mysql_ab mysql 4.0.6
- Mysql_ab mysql 4.0.7
- Mysql_ab mysql 4.0.7 -Gamma
- Mysql_ab mysql 4.0.8
- Mysql_ab mysql 4.0.8 -Gamma
- Mysql_ab mysql 4.0.9
- Mysql_ab mysql 4.0.9 -Gamma
- Mysql_ab mysql 4.1.0-0
- Mysql_ab mysql 4.1.0.0-Alpha
- Mysql_ab mysql 4.1.2 -Alpha
- Mysql_ab mysql 4.1.3 -0
- Mysql_ab mysql 4.1.3 -Beta
- Mysql_ab mysql 4.1.4
- Mysql_ab mysql 4.1.5
- Red_hat advanced_workstation_for_the_itanium_processor 2.1.0
- Red_hat advanced_workstation_for_the_itanium_processor 2.1.0 IA64
- Red_hat desktop 3.0.0
- Red_hat desktop 4.0.0
- Red_hat enterprise_linux_es 2.1
- Red_hat enterprise_linux_es 2.1 IA64
- Red_hat enterprise_linux_es 3
- Red_hat enterprise_linux_es 4
- Red_hat enterprise_linux_ws 2.1
- Red_hat enterprise_linux_ws 2.1 IA64
- Red_hat enterprise_linux_ws 3
- Red_hat enterprise_linux_ws 4
- Red_hat fedora Core2
- Red_hat fedora Core3
- Red_hat linux 8.0.0
- Red_hat linux 8.0.0 I386
- Red_hat linux 8.0.0 I686
- Sgi propack 3.0.0
- Sun solaris 10 Sparc
- Sun solaris 10 X86
- Suse linux_desktop 1.0.0
- Suse linux_personal 8.2.0
- Suse linux_personal 9.0.0
- Suse linux_personal 9.0.0 X86 64
- Suse linux_personal 9.1.0
- Suse linux_personal 9.1.0 X86 64
- Suse linux_personal 9.2.0
- Suse linux_personal 9.2.0 X86 64
- Suse novell_linux_desktop 9.0.0
- Suse suse_linux_enterprise_server 8
- Suse suse_linux_enterprise_server 9
- Trustix secure_enterprise_linux 2.0.0
- Trustix secure_linux 2.0.0
- Trustix secure_linux 2.1.0
- Trustix secure_linux 2.2.0
- Turbolinux appliance_server_hosting_edition 1.0.0
- Turbolinux appliance_server_workgroup_edition 1.0.0
- Turbolinux home
- Turbolinux turbolinux 10 F...
- Turbolinux turbolinux_desktop 10.0.0
- Turbolinux turbolinux_server 10.0.0
- Turbolinux turbolinux_server 7.0.0
- Turbolinux turbolinux_server 8.0.0
- Turbolinux turbolinux_workstation 7.0.0
- Turbolinux turbolinux_workstation 8.0.0