Juniper Networks
Solutions
Products & Services
Company
Partners
Support
Education

Signature Detail

Security Intelligence Center
Signatures
Print

This site is deprecated. Please CLICK HERE for latest updates

Short Name

 DB:MYSQL:LONG-FUNC

Severity

 Minor

Recommended

 No

Category

 DB

Keywords

 MySQL Long Function Name

Release Date

 2005/09/07

Update Number

 1213

Supported Platforms

 idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+

DB: MySQL Long Function Name


This signature detects SQL commands that create long function names. MySQL contains a vulnerability in function naming that can allow a malicious user to halt the SQL daemon. A sophisticated attack can allow arbitrary code execution.

Extended Description

MySQL is prone to a buffer-overflow vulnerability. The application fails to perform sufficient boundary checks on data supplied as an argument in a user-defined function. A database user with sufficient access to create a user-defined function can exploit this issue. Attackers may also be able to exploit this issue through latent SQL-injection vulnerabilities in third-party applications that use the database as a backend. Successful exploits will allow arbitrary code to run in the context of the database server process.

Affected Products

  • Avaya interactive_response 2.0
  • Avaya interactive_response 3.0
  • Conectiva linux 10.0.0
  • Debian linux 3.1.0
  • Debian linux 3.1.0 Alpha
  • Debian linux 3.1.0 Amd64
  • Debian linux 3.1.0 Arm
  • Debian linux 3.1.0 Hppa
  • Debian linux 3.1.0 Ia-32
  • Debian linux 3.1.0 Ia-64
  • Debian linux 3.1.0 M68k
  • Debian linux 3.1.0 Mips
  • Debian linux 3.1.0 Mipsel
  • Debian linux 3.1.0 Ppc
  • Debian linux 3.1.0 S/390
  • Debian linux 3.1.0 Sparc
  • Mysql_ab mysql 3.22.25
  • Mysql_ab mysql 3.23.49
  • Mysql_ab mysql 4.0.0 .0
  • Mysql_ab mysql 4.0.1
  • Mysql_ab mysql 4.0.10
  • Mysql_ab mysql 4.0.11
  • Mysql_ab mysql 4.0.11 -Gamma
  • Mysql_ab mysql 4.0.12
  • Mysql_ab mysql 4.0.13
  • Mysql_ab mysql 4.0.14
  • Mysql_ab mysql 4.0.15
  • Mysql_ab mysql 4.0.18
  • Mysql_ab mysql 4.0.2
  • Mysql_ab mysql 4.0.20
  • Mysql_ab mysql 4.0.21
  • Mysql_ab mysql 4.0.23
  • Mysql_ab mysql 4.0.24
  • Mysql_ab mysql 4.0.3
  • Mysql_ab mysql 4.0.4
  • Mysql_ab mysql 4.0.5
  • Mysql_ab mysql 4.0.5 A
  • Mysql_ab mysql 4.0.6
  • Mysql_ab mysql 4.0.7
  • Mysql_ab mysql 4.0.7 -Gamma
  • Mysql_ab mysql 4.0.8
  • Mysql_ab mysql 4.0.8 -Gamma
  • Mysql_ab mysql 4.0.9
  • Mysql_ab mysql 4.0.9 -Gamma
  • Mysql_ab mysql 4.1.0-0
  • Mysql_ab mysql 4.1.0.0-Alpha
  • Mysql_ab mysql 4.1.10A
  • Mysql_ab mysql 4.1.11A
  • Mysql_ab mysql 4.1.2 -Alpha
  • Mysql_ab mysql 4.1.3 -0
  • Mysql_ab mysql 4.1.3 -Beta
  • Mysql_ab mysql 4.1.4
  • Mysql_ab mysql 4.1.5
  • Mysql_ab mysql 5.0.0 .0-0
  • Mysql_ab mysql 5.0.0 .0-Alpha
  • Mysql_ab mysql 5.0.1
  • Mysql_ab mysql 5.0.2
  • Mysql_ab mysql 5.0.3
  • Mysql_ab mysql 5.0.4
  • Red_hat fedora Core3
  • Red_hat fedora Core4
  • Red_hat linux 7.3.0
  • Red_hat linux 7.3.0 I386
  • Red_hat linux 7.3.0 I686
  • Red_hat linux 9.0.0 I386
  • Sco unixware 7.1.4
  • Sun solaris 10 Sparc
  • Sun solaris 10 X86
  • Suse cvsup-16.1h-36.i586.rpm Null
  • Suse linux_personal 8.2.0
  • Suse linux_personal 9.0.0
  • Suse linux_personal 9.0.0 X86 64
  • Suse linux_personal 9.1.0
  • Suse linux_personal 9.1.0 X86 64
  • Suse linux_personal 9.2.0
  • Suse linux_personal 9.2.0 X86 64
  • Suse linux_personal 9.3.0
  • Suse linux_personal 9.3.0 X86 64
  • Suse linux_professional 8.2.0
  • Suse linux_professional 9.0.0
  • Suse linux_professional 9.0.0 X86 64
  • Suse linux_professional 9.1.0
  • Suse linux_professional 9.1.0 X86 64
  • Suse linux_professional 9.2.0
  • Suse linux_professional 9.2.0 X86 64
  • Suse linux_professional 9.3.0
  • Suse linux_professional 9.3.0 X86 64
  • Suse open-enterprise-server 9.0.0
  • Suse suse_linux_enterprise_server 7
  • Suse suse_linux_enterprise_server 8
  • Suse suse_linux_enterprise_server 9
  • Suse suse_linux_openexchange_server 4.0.0
  • Suse suse_linux_retail_solution 8.0.0
  • Suse suse_linux_school_server_for_i386
  • Suse suse_linux_standard_server 8.0.0
  • Turbolinux appliance_server 1.0.0 Hosting Edition
  • Turbolinux appliance_server 1.0.0 Workgroup Edition
  • Turbolinux appliance_server 2.0
  • Turbolinux appliance_server_hosting_edition 1.0.0
  • Turbolinux appliance_server_workgroup_edition 1.0.0
  • Turbolinux home
  • Turbolinux multimedia
  • Turbolinux personal
  • Turbolinux turbolinux 10 F...
  • Turbolinux turbolinux FUJI
  • Turbolinux turbolinux_desktop 10.0.0
  • Turbolinux turbolinux_server 10.0.0
  • Turbolinux turbolinux_server 10.0.0 X86
  • Turbolinux turbolinux_server 7.0.0
  • Turbolinux turbolinux_server 8.0.0
  • Turbolinux turbolinux_workstation 8.0.0
  • Ubuntu ubuntu_linux 5.10.0 Amd64
  • Ubuntu ubuntu_linux 5.10.0 I386
  • Ubuntu ubuntu_linux 5.10.0 Powerpc

References

  • BugTraq: 14509
  • CVE: CVE-2005-2558
  • URL: http://www.appsecinc.com/resources/alerts/mysql/2005-002.html
  • URL: http://www.sans.org/newsletters/risk/display.php?v=4&i=32#05.32.18

Site Map
RSS Feeds
Careers
Accessibility
Feedback
Privacy Policy
Legal Notices
Copyright © 1999-2010 Juniper Networks, Inc. All rights reserved.
Help
|
My Account
|
Log Out