[Forgot Password]
Login  Register Subscribe

30430

 
 

423868

 
 

247768

 
 

909

 
 

194555

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2005-0709Date: (C)2005-05-02   (M)2023-12-22


MySQL 4.0.23 and earlier, and 4.1.x up to 4.1.10, allows remote authenticated users with INSERT and DELETE privileges to execute arbitrary code by using CREATE FUNCTION to access libc calls, as demonstrated by using strcat, on_exit, and exit.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 4.6
Exploit Score: 3.9
Impact Score: 6.4
 
CVSS V2 Metrics:
Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL
  
Reference:
SUNALERT-101864
BID-12781
2005-0009
http://marc.info/?l=bugtraq&m=111066115808506&w=2
APPLE-SA-2005-08-15
APPLE-SA-2005-08-17
DSA-707
GLSA-200503-19
MDKSA-2005:060
RHSA-2005:334
RHSA-2005:348
SUSE-SA:2005:019
USN-96-1
oval:org.mitre.oval:def:10479

CPE    3
cpe:/a:mysql:mysql:4.1.0
cpe:/a:mysql:mysql:4.1.3
cpe:/a:mysql:mysql:4.1.10
CWE    1
CWE-94

© SecPod Technologies