Computer Security


MySQL dynamic functions loading vulnerability
Published: 17.03.2009
Source:
SecurityVulns ID: 9747
Type: local
Threat Level: 5/10
Description: It's possible to load a dynamic library from any location; functions remain available after the library is unloaded.
Affected: ORACLE : MySQL 5.0
CVE: CVE-2008-4098 (MySQL before 5.0.67 allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified (1) DATA DIRECTORY or (2) INDEX DIRECTORY arguments that are originally associated with pathnames without symlinks, and that can point to tables created at a future time at which a pathname is modified to contain a symlink to a subdirectory of the MySQL home data directory. NOTE: this vulnerability exists because of an incomplete fix for CVE-2008-4097.)
CVE-2005-2573 (The mysql_create_function function in sql_udf.cc for MySQL 4.0 before 4.0.25, 4.1 before 4.1.13, and 5.0 before 5.0.7-beta, when running on Windows, uses an incomplete blacklist in a directory traversal check, which allows attackers to include arbitrary files via the backslash (\) character.)
Original document: rahimeh.khodadadi_(at)_gmail.com, reporting CVE (17.03.2009)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod