CVE-2005-0710

MySQL <4.0.23 & <4.1.11 - Privilege Escalation

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2005-0710. PoCs published by Stefano Di Paola.

AI-analyzed exploit summary This exploit leverages the MySQL CREATE FUNCTION vulnerability (CVE-2005-0710) to inject a malicious shared library into the MySQL process, allowing remote code execution. The exploit constructs a crafted ELF library in hex format and uses SQL queries to load it, escalating privileges.

Description

MySQL 4.0.23 and earlier, and 4.1.x up to 4.1.10, allows remote authenticated users with INSERT and DELETE privileges to bypass library path restrictions and execute arbitrary libraries by using INSERT INTO to modify the mysql.func table, which is processed by the udf_init function.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Stefano Di Paola · phpremotemultiple

https://www.exploit-db.com/exploits/25210

View Code ZIP pw:eip

This exploit leverages the MySQL CREATE FUNCTION vulnerability (CVE-2005-0710) to inject a malicious shared library into the MySQL process, allowing remote code execution. The exploit constructs a crafted ELF library in hex format and uses SQL queries to load it, escalating privileges.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: MySQL <= 4.0.23, 4.1.10

Auth required

Prerequisites: MySQL credentials with CREATE FUNCTION privileges · Access to the MySQL server

MITRE ATT&CK

T1189 - Drive-by Compromise T1505 - Server Software Component

devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (16)

Core 16

Core References

Vendor Advisory vendor-advisory x_refsource_trustix

http://www.trustix.org/errata/2005/0009/

Mailing List mailing-list x_refsource_bugtraq

http://marc.info/?l=bugtraq&m=111065974004648&w=2

Patch vendor-advisory x_refsource_debian

http://www.debian.org/security/2005/dsa-707

Vendor Advisory vendor-advisory x_refsource_redhat

http://www.redhat.com/support/errata/RHSA-2005-334.html

Vendor Advisory vendor-advisory x_refsource_sunalert

http://sunsolve.sun.com/search/document.do?assetkey=1-26-101864-1

Patch vendor-advisory x_refsource_suse

http://www.novell.com/linux/security/advisories/2005_19_mysql.html

Vendor Advisory vendor-advisory x_refsource_ubuntu

https://usn.ubuntu.com/96-1/

Vendor Advisory vendor-advisory x_refsource_redhat

http://www.redhat.com/support/errata/RHSA-2005-348.html

Exploit mailing-list x_refsource_vulnwatch

http://archives.neohapsis.com/archives/vulnwatch/2005-q1/0083.html

Mailing List vendor-advisory x_refsource_apple

http://lists.apple.com/archives/security-announce/2005/Aug/msg00000.html

Vendor Advisory vendor-advisory x_refsource_mandrake

http://www.mandriva.com/security/advisories?name=MDKSA-2005:060

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/19658

Patch vendor-advisory x_refsource_gentoo

http://www.gentoo.org/security/en/glsa/glsa-200503-19.xml

Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10180

Mailing List vendor-advisory x_refsource_apple

http://lists.apple.com/archives/security-announce/2005//Aug/msg00001.html

Patch vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/12781

Scores

EPSS 0.1284

EPSS Percentile 95.8%

Details

Status published

Products (30)

mysql/mysql 4.1.0

mysql/mysql 4.1.3

mysql/mysql 4.1.10

oracle/mysql 3.23.49

oracle/mysql 4.0.0

oracle/mysql 4.0.1

oracle/mysql 4.0.2

oracle/mysql 4.0.3

oracle/mysql 4.0.4

oracle/mysql 4.0.5

... and 20 more

Published May 02, 2005

Tracked Since Feb 18, 2026