RedhatCVELIST:CVE-2005-0709CVE-2005-0709
MySQL 4.0.23 and earlier, and 4.1.x up to 4.1.10, allows remote authenticated users with INSERT and DELETE privileges to execute arbitrary code by using CREATE FUNCTION to access libc calls, as demonstrated by using strcat, on_exit, and exit.
References
archives.neohapsis.com/archives/vulnwatch/2005-q1/0084.html
lists.apple.com/archives/security-announce/2005//Aug/msg00001.html
lists.apple.com/archives/security-announce/2005/Aug/msg00000.html
marc.info/?l=bugtraq&m=111066115808506&w=2
sunsolve.sun.com/search/document.do?assetkey=1-26-101864-1
www.debian.org/security/2005/dsa-707
www.gentoo.org/security/en/glsa/glsa-200503-19.xml
www.mandriva.com/security/advisories?name=MDKSA-2005:060
www.novell.com/linux/security/advisories/2005_19_mysql.html
www.redhat.com/support/errata/RHSA-2005-334.html
www.redhat.com/support/errata/RHSA-2005-348.html
www.securityfocus.com/bid/12781
www.trustix.org/errata/2005/0009/
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10479
usn.ubuntu.com/96-1/
Related
