Juniper Networks

Signature Detail


Short Name: DB:MYSQL:CREATE-FUNCTION

Severity: High

Recommended: No

Recommended Action: Drop

Category: DB

Keywords: MYSQL Create Function Detection

Release Date: 2005/04/11

Update Number: 1213

Supported Platforms: idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+

DB: MYSQL Create Function Detection


This signature detects attempts to exploit a known vulnerability against MySQL. Attackers can conduct a symbolic link attack that might result in a denial-of-service condition or allow arbitrary code execution.

Extended Description

MySQL is reported prone to multiple vulnerabilities that can be exploited by a remote authenticated attacker. The following individual issues are reported:

  • Insecure temporary file-creation vulnerability. Reports indicate that an attacker with 'CREATE TEMPORARY TABLE' privileges on an affected installation may leverage this vulnerability to corrupt files with the privileges of the MySQL process.
  • Input-validation vulnerability. Remote attackers with INSERT and DELETE privileges on the 'mysql' administrative database can exploit this. Reports indicate that this issue may be leveraged to load and execute a malicious library in the context of the MySQL process.
  • Remote arbitrary-code execution vulnerability. Reportedly, the vulnerability may be triggered by employing the 'CREATE FUNCTION' statement to manipulate functions to control sensitive data structures. This issue may be exploited to execute arbitrary code in the context of the database process.

These issues are reported to exist in MySQL versions prior to MySQL 4.0.24 and 4.1.10a.

Affected Products

  • ALT Linux ALT Linux Compact 2.3.0
  • ALT Linux ALT Linux Junior 2.3.0
  • Apple Mac OS X Server 10.3.9
  • Conectiva Linux 10.0.0
  • Conectiva Linux 9.0.0
  • Gentoo Linux
  • Mandriva Corporate Server 2.1.0
  • Mandriva Corporate Server 2.1.0 X86 64
  • Microsoft Windows 2000 Professional SP4
  • MySQL AB MySQL 3.23.49
  • MySQL AB MySQL 4.0.0 .0
  • MySQL AB MySQL 4.0.1
  • MySQL AB MySQL 4.0.10
  • MySQL AB MySQL 4.0.11
  • MySQL AB MySQL 4.0.11 -Gamma
  • MySQL AB MySQL 4.0.12
  • MySQL AB MySQL 4.0.13
  • MySQL AB MySQL 4.0.14
  • MySQL AB MySQL 4.0.15
  • MySQL AB MySQL 4.0.18
  • MySQL AB MySQL 4.0.2
  • MySQL AB MySQL 4.0.20
  • MySQL AB MySQL 4.0.21
  • MySQL AB MySQL 4.0.3
  • MySQL AB MySQL 4.0.4
  • MySQL AB MySQL 4.0.5
  • MySQL AB MySQL 4.0.5 A
  • MySQL AB MySQL 4.0.6
  • MySQL AB MySQL 4.0.7
  • MySQL AB MySQL 4.0.7 -Gamma
  • MySQL AB MySQL 4.0.8
  • MySQL AB MySQL 4.0.8 -Gamma
  • MySQL AB MySQL 4.0.9
  • MySQL AB MySQL 4.0.9 -Gamma
  • MySQL AB MySQL 4.1.0-0
  • MySQL AB MySQL 4.1.0.0-Alpha
  • MySQL AB MySQL 4.1.2 -Alpha
  • MySQL AB MySQL 4.1.3 -0
  • MySQL AB MySQL 4.1.3 -Beta
  • MySQL AB MySQL 4.1.4
  • MySQL AB MySQL 4.1.5
  • Red Hat Advanced Workstation for the Itanium Processor 2.1.0
  • Red Hat Advanced Workstation for the Itanium Processor 2.1.0 IA64
  • Red Hat Desktop 3.0.0
  • Red Hat Desktop 4.0.0
  • Red Hat Enterprise Linux ES 2.1
  • Red Hat Enterprise Linux ES 2.1 IA64
  • Red Hat Enterprise Linux ES 3
  • Red Hat Enterprise Linux ES 4
  • Red Hat Enterprise Linux WS 2.1
  • Red Hat Enterprise Linux WS 2.1 IA64
  • Red Hat Enterprise Linux WS 3
  • Red Hat Enterprise Linux WS 4
  • Red Hat Fedora Core2
  • Red Hat Fedora Core3
  • Red Hat Linux 8.0.0
  • Red Hat Linux 8.0.0 I386
  • Red Hat Linux 8.0.0 I686
  • SGI ProPack 3.0.0
  • Sun Solaris 10 Sparc
  • Sun Solaris 10 X86
  • SuSE Linux Desktop 1.0.0
  • SuSE Linux Personal 8.2.0
  • SuSE Linux Personal 9.0.0
  • SuSE Linux Personal 9.0.0 X86 64
  • SuSE Linux Personal 9.1.0
  • SuSE Linux Personal 9.1.0 X86 64
  • SuSE Linux Personal 9.2.0
  • SuSE Linux Personal 9.2.0 X86 64
  • SuSE Novell Linux Desktop 9.0.0
  • SuSE SUSE Linux Enterprise Server 8
  • SuSE SUSE Linux Enterprise Server 9
  • Trustix Secure Enterprise Linux 2.0.0
  • Trustix Secure Linux 2.0.0
  • Trustix Secure Linux 2.1.0
  • Trustix Secure Linux 2.2.0
  • Turbolinux Appliance Server Hosting Edition 1.0.0
  • Turbolinux Appliance Server Workgroup Edition 1.0.0
  • Turbolinux Home
  • Turbolinux 10 F...
  • Turbolinux Turbolinux Desktop 10.0.0
  • Turbolinux Turbolinux Server 10.0.0
  • Turbolinux Turbolinux Server 7.0.0
  • Turbolinux Turbolinux Server 8.0.0
  • Turbolinux Turbolinux Workstation 7.0.0
  • Turbolinux Turbolinux Workstation 8.0.0

References

  • BugTraq: 12781
  • CVE: CVE-2005-0710
  • CVE: CVE-2005-0709
  • URL: http://www.trustix.org/errata/2005/0009/
  • URL: http://archives.neohapsis.com/archives/vulnwatch/2005-q1/0084.html

Copyright © 1999-2010 Juniper Networks, Inc. All rights reserved.