Description
MySQL 4.0.23 and earlier, and 4.1.x up to 4.1.10, allows remote authenticated users with INSERT and DELETE privileges to execute arbitrary code by using CREATE FUNCTION to access libc calls, as demonstrated by using strcat, on_exit, and exit.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by Stefano Di Paola · perl · remote · multiple
https://www.exploit-db.com/exploits/25209
References (15)
Scores
EPSS
0.1794
EPSS Percentile
95.2%
Details
CWE
CWE-94
Status
published
Products (30)
mysql/mysql 4.1.0
mysql/mysql 4.1.3
mysql/mysql 4.1.10
oracle/mysql 3.23.49
oracle/mysql 4.0.0
oracle/mysql 4.0.1
oracle/mysql 4.0.2
oracle/mysql 4.0.3
oracle/mysql 4.0.4
oracle/mysql 4.0.5
... and 20 more
Published
May 02, 2005
Tracked Since
Feb 18, 2026