[MDEV-21731] MySQL User-Defined Functions Multiple Vulnerabilities Created: 2020-02-13  Updated: 2020-07-15  Resolved: 2020-02-14

Status: Closed
Project: MariaDB Server
Component/s: Plugins
Affects Version/s: 10.2.25
Fix Version/s: N/A

Type: Bug Priority: Major
Reporter: Dermot Brereton Assignee: Sergei Golubchik
Resolution: Not a Bug Votes: 0
Labels: None
Environment:

Ubuntu


 Description   

CVE-2005-2572: MySQL User-Defined Functions Multiple Vulnerabilities

Description
User-defined functions in MySQL can allow a database user to cause binary libraries on the host to be loaded. The insert privilege on the table 'mysql.func' is required for a user to create user-defined functions. When running on Windows and possibly other operating systems, MySQL is potentially affected by the following vulnerabilities:

  • If an invalid library is requested the Windows function 'LoadLibraryEx' will block processing until an error dialog box is acknowledged on the server.
    It is not likely that non-Windows systems are affected by this particular issue.
  • MySQL requires that user-defined libraries contain functions with names fitting the formats: 'XXX_deinit' or 'XXX_init'. However, other libraries are known to contain functions fitting these formats and, when called upon, can cause application crashes, memory corruption and stack pollution.

Please advise on the solution for this vulnerability?

 Comments   
Comment by Dermot Brereton [ 2020-02-13 ]

Please advise on the solution for this vulnerability?

Comment by Sergei Golubchik [ 2020-02-14 ]

This is not a bug. Please consult https://mariadb.org/contribute/ for various ways you can ask questions about MariaDB.

And read the documentation about how this issue was fixed 15 years ago

Comment by Hartmut Holzgraefe [ 2020-07-15 ]

Looks as if the Nessus scanner still reports this, for whatever reason ...

Generated at Thu Feb 08 09:09:22 UTC 2024 using Jira 8.20.16#820016-sha1:9d11dbea5f4be3d4cc21f03a88dd11d8c8687422.