MariaDB Server / MDEV-21731

MySQL User-Defined Functions Multiple Vulnerabilities

Details

    • Bug
    • Status: Closed
    • Major
    • Resolution: Not a Bug
    • 10.2.25
    • N/A
    • Plugins
    • None
    • Ubuntu

    Description

      CVE-2005-2572: MySQL User-Defined Functions Multiple Vulnerabilities

      Description
      User-defined functions in MySQL can allow a database user to cause binary libraries on the host to be loaded. The insert privilege on the table 'mysql.func' is required for a user to create user-defined functions. When running on Windows and possibly other operating systems, MySQL is potentially affected by the following vulnerabilities:

      • If an invalid library is requested the Windows function 'LoadLibraryEx' will block processing until an error dialog box is acknowledged on the server.
        It is not likely that non-Windows systems are affected by this particular issue.
      • MySQL requires that user-defined libraries contain functions with names fitting the formats: 'XXX_deinit' or 'XXX_init'. However, other libraries are known to contain functions fitting these formats and, when called upon, can cause application crashes, memory corruption and stack pollution.

      Please advise on the solution for this vulnerability.
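
An audit for the precondition the description names (INSERT on 'mysql.func'), together with the UDFs already registered. This is an added example, not part of the original report or of MariaDB's own code; it assumes the stock grant tables mysql.user, mysql.db and mysql.tables_priv as found in MariaDB 10.2.

```sql
-- Added audit example; assumes the stock grant tables of MariaDB 10.2.

-- 1. UDFs currently registered, and the library each one loads.
SELECT name, dl, type
  FROM mysql.func
 ORDER BY dl, name;

-- 2. Accounts that can INSERT into mysql.func, at any grant level.
SELECT 'global' AS grant_level, User, Host, '*.*' AS scope
  FROM mysql.user
 WHERE Insert_priv = 'Y'
UNION ALL
-- Database-level grants: Db may hold a LIKE pattern (e.g. 'my%'),
-- so test whether the stored pattern matches the name 'mysql'.
SELECT 'database', User, Host, Db
  FROM mysql.db
 WHERE Insert_priv = 'Y'
   AND 'mysql' LIKE Db
UNION ALL
-- Table-level grants: Table_priv is a SET column.
SELECT 'table', User, Host, CONCAT(Db, '.', Table_name)
  FROM mysql.tables_priv
 WHERE Db = 'mysql'
   AND Table_name = 'func'
   AND FIND_IN_SET('Insert', Table_priv) > 0
 ORDER BY grant_level, User, Host;
```

Run it as an account with SELECT on the mysql schema; rows for non-administrative accounts in the second result are the ones to review.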

          People

            serg Sergei Golubchik
            Dermot.Brereton Dermot Brereton