CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:L/Au:N/C:P/I:P/A:P
EPSS
Percentile
99.7%
MySQL 4.0.23 and earlier, and 4.1.x up to 4.1.10, allows remote
authenticated users with INSERT and DELETE privileges to execute arbitrary
code by using CREATE FUNCTION to access libc calls, as demonstrated by
using strcat, on_exit, and exit.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 6.06 | noarch | mysql-dfsg | < 4.0.24-10ubuntu2 | UNKNOWN |
ubuntu | 6.10 | noarch | mysql-dfsg | < 4.0.24-10ubuntu2 | UNKNOWN |
ubuntu | 6.06 | noarch | mysql-dfsg-4.1 | < 4.1.15-1ubuntu5 | UNKNOWN |
ubuntu | 6.10 | noarch | mysql-dfsg-4.1 | < 4.1.15-1ubuntu5 | UNKNOWN |
ubuntu | 6.06 | noarch | mysql-dfsg-5.0 | < 5.0.22-0ubuntu6.06.3 | UNKNOWN |
ubuntu | 6.10 | noarch | mysql-dfsg-5.0 | < 5.0.24a-9ubuntu0.1 | UNKNOWN |
ubuntu | 7.04 | noarch | mysql-dfsg-5.0 | < 5.0.38-0ubuntu1 | UNKNOWN |