NVD Vulnerability Detail

CVE-2005-0710

Summary	MySQL 4.0.23 and earlier, and 4.1.x up to 4.1.10, allows remote authenticated users with INSERT and DELETE privileges to bypass library path restrictions and execute arbitrary libraries by using INSERT INTO to modify the mysql.func table, which is processed by the udf_init function.
Publication Date	May 2, 2005, 1 p.m.
Registration Date	Jan. 29, 2021, 5:58 p.m.
Last Update	Dec. 18, 2019, 2:12 a.m.

CVSS2.0 : MEDIUM
Score	4.6
Vector	AV:L/AC:L/Au:N/C:P/I:P/A:P
攻撃元区分(AV)	ローカル
攻撃条件の複雑さ(AC)	低
攻撃前の認証要否(Au)	不要
機密性への影響(C)	低
完全性への影響(I)	低
可用性への影響(A)	低
Get all privileges.	いいえ
Get user privileges	いいえ
Get other privileges	はい
User operation required	いいえ

Affected software configurations

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:mysql:mysql:4.1.0:::::::*
cpe:2.3:a:mysql:mysql:4.1.3:::::::*
cpe:2.3:a:mysql:mysql:4.1.10:::::::*
cpe:2.3:a:oracle:mysql:3.23.49:::::::*
cpe:2.3:a:oracle:mysql:4.0.0:::::::*
cpe:2.3:a:oracle:mysql:4.0.1:::::::*
cpe:2.3:a:oracle:mysql:4.0.2:::::::*
cpe:2.3:a:oracle:mysql:4.0.3:::::::*
cpe:2.3:a:oracle:mysql:4.0.4:::::::*
cpe:2.3:a:oracle:mysql:4.0.5:::::::*
cpe:2.3:a:oracle:mysql:4.0.5a:::::::*
cpe:2.3:a:oracle:mysql:4.0.6:::::::*
cpe:2.3:a:oracle:mysql:4.0.7:::::::*
cpe:2.3:a:oracle:mysql:4.0.7:gamma::::::
cpe:2.3:a:oracle:mysql:4.0.8:::::::*
cpe:2.3:a:oracle:mysql:4.0.8:gamma::::::
cpe:2.3:a:oracle:mysql:4.0.9:::::::*
cpe:2.3:a:oracle:mysql:4.0.9:gamma::::::
cpe:2.3:a:oracle:mysql:4.0.10:::::::*
cpe:2.3:a:oracle:mysql:4.0.11:::::::*
cpe:2.3:a:oracle:mysql:4.0.11:gamma::::::
cpe:2.3:a:oracle:mysql:4.0.12:::::::*
cpe:2.3:a:oracle:mysql:4.0.13:::::::*
cpe:2.3:a:oracle:mysql:4.0.14:::::::*
cpe:2.3:a:oracle:mysql:4.0.15:::::::*
cpe:2.3:a:oracle:mysql:4.0.18:::::::*
cpe:2.3:a:oracle:mysql:4.0.20:::::::*
cpe:2.3:a:oracle:mysql:4.0.21:::::::*
cpe:2.3:a:oracle:mysql:4.0.23:::::::*
cpe:2.3:a:oracle:mysql:4.1.0:alpha::::::
cpe:2.3:a:oracle:mysql:4.1.2:alpha::::::
cpe:2.3:a:oracle:mysql:4.1.3:beta::::::
cpe:2.3:a:oracle:mysql:4.1.4:::::::*
cpe:2.3:a:oracle:mysql:4.1.5:::::::*

Related information, measures and tools

No	URL	refsource	タグ
1	http://archives.neohapsis.com/archives/vulnwatch/2005-q1/0083.html	VULNWATCH	Exploit
2	http://lists.apple.com/archives/security-announce/2005//Aug/msg00001.html	APPLE
3	http://lists.apple.com/archives/security-announce/2005/Aug/msg00000.html	APPLE
4	http://marc.info/?l=bugtraq&m=111065974004648&w=2	BUGTRAQ
5	http://sunsolve.sun.com/search/document.do?assetkey=1-26-101864-1	SUNALERT
6	http://www.debian.org/security/2005/dsa-707	DEBIAN	Patch
7	http://www.gentoo.org/security/en/glsa/glsa-200503-19.xml	GENTOO	Patch
8	http://www.mandriva.com/security/advisories?name=MDKSA-2005:060	MANDRAKE
9	http://www.novell.com/linux/security/advisories/2005_19_mysql.html	SUSE	Patch
10	http://www.redhat.com/support/errata/RHSA-2005-334.html	REDHAT
11	http://www.redhat.com/support/errata/RHSA-2005-348.html	REDHAT
12	http://www.securityfocus.com/bid/12781	BID	Patch
13	http://www.trustix.org/errata/2005/0009/	TRUSTIX
14	https://exchange.xforce.ibmcloud.com/vulnerabilities/19658	XF
15	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10180	OVAL
16	https://usn.ubuntu.com/96-1/	UBUNTU

Common Vulnerabilities List

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:mysql:mysql:4.1.0:::::::*
cpe:2.3:a:mysql:mysql:4.1.3:::::::*
cpe:2.3:a:mysql:mysql:4.1.10:::::::*
cpe:2.3:a:oracle:mysql:3.23.49:::::::*
cpe:2.3:a:oracle:mysql:4.0.0:::::::*
cpe:2.3:a:oracle:mysql:4.0.1:::::::*
cpe:2.3:a:oracle:mysql:4.0.2:::::::*
cpe:2.3:a:oracle:mysql:4.0.3:::::::*
cpe:2.3:a:oracle:mysql:4.0.4:::::::*
cpe:2.3:a:oracle:mysql:4.0.5:::::::*
cpe:2.3:a:oracle:mysql:4.0.5a:::::::*
cpe:2.3:a:oracle:mysql:4.0.6:::::::*
cpe:2.3:a:oracle:mysql:4.0.7:::::::*
cpe:2.3:a:oracle:mysql:4.0.7:gamma::::::
cpe:2.3:a:oracle:mysql:4.0.8:::::::*
cpe:2.3:a:oracle:mysql:4.0.8:gamma::::::
cpe:2.3:a:oracle:mysql:4.0.9:::::::*
cpe:2.3:a:oracle:mysql:4.0.9:gamma::::::
cpe:2.3:a:oracle:mysql:4.0.10:::::::*
cpe:2.3:a:oracle:mysql:4.0.11:::::::*
cpe:2.3:a:oracle:mysql:4.0.11:gamma::::::
cpe:2.3:a:oracle:mysql:4.0.12:::::::*
cpe:2.3:a:oracle:mysql:4.0.13:::::::*
cpe:2.3:a:oracle:mysql:4.0.14:::::::*
cpe:2.3:a:oracle:mysql:4.0.15:::::::*
cpe:2.3:a:oracle:mysql:4.0.18:::::::*
cpe:2.3:a:oracle:mysql:4.0.20:::::::*
cpe:2.3:a:oracle:mysql:4.0.21:::::::*
cpe:2.3:a:oracle:mysql:4.0.23:::::::*
cpe:2.3:a:oracle:mysql:4.1.0:alpha::::::
cpe:2.3:a:oracle:mysql:4.1.2:alpha::::::
cpe:2.3:a:oracle:mysql:4.1.3:beta::::::
cpe:2.3:a:oracle:mysql:4.1.4:::::::*
cpe:2.3:a:oracle:mysql:4.1.5:::::::*