|
|
|||
| Rule General Information |
|---|
| Release Date: | 2014-12-19 | |
| Rule Name: | MySQL CREATE FUNCTION mysql.func Arbitrary Library injection (CVE-2005-0710) | |
| Severity: | ||
| CVE ID: | ||
| Rule Protection Details |
|---|
| Description: | MySQL 4.0.23 and earlier, and 4.1.x up to 4.1.10, allows remote authenticated users with INSERT and DELETE privileges to bypass library path restrictions and execute arbitrary libraries by using INSERT INTO to modify the mysql.func table. | |
| Impact: | Remote code execution | |
| Affected OS: | Solaris, Other Unix, FreeBSD, Linux | |
| Reference: | CVE-2005-0710 |
|
| Solutions |
|---|
| Update vendor's patch. |