Juniper Networks
Solutions
Products & Services
Company
Partners
Support
Education

Signature Detail

Security Intelligence Center
Signatures
Print

Short Name

 DB:MYSQL:LONG-FUNC

Severity

 Medium

Recommended

 No

Category

 DB

Keywords

 MySQL Long Function Name

Release Date

 2005/09/07

Update Number

 1213

Supported Platforms

 idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+

DB: MySQL Long Function Name


This signature detects SQL commands that create long function names. MySQL contains a vulnerability in function naming that can allow a malicious user to halt the SQL daemon. A sophisticated attack can allow arbitrary code execution.

Extended Description

MySQL is prone to a buffer-overflow vulnerability. The application fails to perform sufficient boundary checks on data supplied as an argument in a user-defined function. A database user with sufficient access to create a user-defined function can exploit this issue. Attackers may also be able to exploit this issue through latent SQL-injection vulnerabilities in third-party applications that use the database as a backend. Successful exploits will allow arbitrary code to run in the context of the database server process.

Affected Products

  • Avaya Interactive Response 2.0
  • Avaya Interactive Response 3.0
  • Conectiva Linux 10.0.0
  • Debian Linux 3.1.0
  • Debian Linux 3.1.0 Alpha
  • Debian Linux 3.1.0 Amd64
  • Debian Linux 3.1.0 Arm
  • Debian Linux 3.1.0 Hppa
  • Debian Linux 3.1.0 Ia-32
  • Debian Linux 3.1.0 Ia-64
  • Debian Linux 3.1.0 M68k
  • Debian Linux 3.1.0 Mips
  • Debian Linux 3.1.0 Mipsel
  • Debian Linux 3.1.0 Ppc
  • Debian Linux 3.1.0 S/390
  • Debian Linux 3.1.0 Sparc
  • MySQL AB MySQL 3.22.25
  • MySQL AB MySQL 3.23.49
  • MySQL AB MySQL 4.0.0 .0
  • MySQL AB MySQL 4.0.1
  • MySQL AB MySQL 4.0.10
  • MySQL AB MySQL 4.0.11
  • MySQL AB MySQL 4.0.11 -Gamma
  • MySQL AB MySQL 4.0.12
  • MySQL AB MySQL 4.0.13
  • MySQL AB MySQL 4.0.14
  • MySQL AB MySQL 4.0.15
  • MySQL AB MySQL 4.0.18
  • MySQL AB MySQL 4.0.2
  • MySQL AB MySQL 4.0.20
  • MySQL AB MySQL 4.0.21
  • MySQL AB MySQL 4.0.23
  • MySQL AB MySQL 4.0.24
  • MySQL AB MySQL 4.0.3
  • MySQL AB MySQL 4.0.4
  • MySQL AB MySQL 4.0.5
  • MySQL AB MySQL 4.0.5 A
  • MySQL AB MySQL 4.0.6
  • MySQL AB MySQL 4.0.7
  • MySQL AB MySQL 4.0.7 -Gamma
  • MySQL AB MySQL 4.0.8
  • MySQL AB MySQL 4.0.8 -Gamma
  • MySQL AB MySQL 4.0.9
  • MySQL AB MySQL 4.0.9 -Gamma
  • MySQL AB MySQL 4.1.0-0
  • MySQL AB MySQL 4.1.0.0-Alpha
  • MySQL AB MySQL 4.1.10A
  • MySQL AB MySQL 4.1.11A
  • MySQL AB MySQL 4.1.2 -Alpha
  • MySQL AB MySQL 4.1.3 -0
  • MySQL AB MySQL 4.1.3 -Beta
  • MySQL AB MySQL 4.1.4
  • MySQL AB MySQL 4.1.5
  • MySQL AB MySQL 5.0.0 .0-0
  • MySQL AB MySQL 5.0.0 .0-Alpha
  • MySQL AB MySQL 5.0.1
  • MySQL AB MySQL 5.0.2
  • MySQL AB MySQL 5.0.3
  • MySQL AB MySQL 5.0.4
  • Red Hat Fedora Core3
  • Red Hat Fedora Core4
  • Red Hat Linux 7.3.0
  • Red Hat Linux 7.3.0 I386
  • Red Hat Linux 7.3.0 I686
  • Red Hat Linux 9.0.0 I386
  • SCO Unixware 7.1.4
  • Sun Solaris 10 Sparc
  • Sun Solaris 10 X86
  • SuSE cvsup-16.1h-36.i586.rpm Null
  • SuSE Linux Personal 8.2.0
  • SuSE Linux Personal 9.0.0
  • SuSE Linux Personal 9.0.0 X86 64
  • SuSE Linux Personal 9.1.0
  • SuSE Linux Personal 9.1.0 X86 64
  • SuSE Linux Personal 9.2.0
  • SuSE Linux Personal 9.2.0 X86 64
  • SuSE Linux Personal 9.3.0
  • SuSE Linux Personal 9.3.0 X86 64
  • SuSE Linux Professional 8.2.0
  • SuSE Linux Professional 9.0.0
  • SuSE Linux Professional 9.0.0 X86 64
  • SuSE Linux Professional 9.1.0
  • SuSE Linux Professional 9.1.0 X86 64
  • SuSE Linux Professional 9.2.0
  • SuSE Linux Professional 9.2.0 X86 64
  • SuSE Linux Professional 9.3.0
  • SuSE Linux Professional 9.3.0 X86 64
  • SuSE Open-Enterprise-Server 9.0.0
  • SuSE SUSE Linux Enterprise Server 7
  • SuSE SUSE Linux Enterprise Server 8
  • SuSE SUSE Linux Enterprise Server 9
  • SuSE SuSE Linux Openexchange Server 4.0.0
  • SuSE SUSE LINUX Retail Solution 8.0.0
  • SuSE SuSE Linux School Server for i386
  • SuSE SuSE Linux Standard Server 8.0.0
  • Turbolinux Appliance Server 1.0.0 Hosting Edition
  • Turbolinux Appliance Server 1.0.0 Workgroup Edition
  • Turbolinux Appliance Server 2.0
  • Turbolinux Appliance Server Hosting Edition 1.0.0
  • Turbolinux Appliance Server Workgroup Edition 1.0.0
  • Turbolinux Home
  • Turbolinux Multimedia
  • Turbolinux Personal
  • Turbolinux 10 F...
  • Turbolinux FUJI
  • Turbolinux Turbolinux Desktop 10.0.0
  • Turbolinux Turbolinux Server 10.0.0
  • Turbolinux Turbolinux Server 10.0.0 X86
  • Turbolinux Turbolinux Server 7.0.0
  • Turbolinux Turbolinux Server 8.0.0
  • Turbolinux Turbolinux Workstation 8.0.0
  • Ubuntu Ubuntu Linux 5.10.0 Amd64
  • Ubuntu Ubuntu Linux 5.10.0 I386
  • Ubuntu Ubuntu Linux 5.10.0 Powerpc

References

  • BugTraq: 14509
  • CVE: CVE-2005-2558
  • URL: http://www.appsecinc.com/resources/alerts/mysql/2005-002.html
  • URL: http://www.sans.org/newsletters/risk/display.php?v=4&i=32#05.32.18

Site Map
RSS Feeds
Careers
Accessibility
Feedback
Privacy Policy
Legal Notices
Copyright © 1999-2010 Juniper Networks, Inc. All rights reserved.
Help
|
My Account
|
Log Out