Hillstone Networks

'; } else{ echo ''; } echo 'Hillstone Networks'; } elseif ($_SERVER[HTTP_HOST] == "update1.huaantech.com.cn") { echo ''; echo 'huaantech'; } elseif ($_SERVER[HTTP_HOST] == "update1.dcnetworks.com.cn") { echo ''; echo 'dcnetworks'; } elseif ($_SERVER[HTTP_HOST] == "update1.w-ibeda.com") { if (false===strpos($_SERVER[REQUEST_URI],"/en/")) echo ''; else echo ''; echo 'w-ibeda'; } elseif ($_SERVER[HTTP_HOST] == "update1.hp-telecom.com") { echo ''; echo 'hp-telecom'; } elseif ($_SERVER[HTTP_HOST] == "update1.maipu.com") { echo ''; echo 'Maipu'; } elseif ($_SERVER[HTTP_HOST] == "update1.ncurity.com") { echo ''; echo 'Ncurity'; } elseif ($_SERVER[HTTP_HOST] == "update1.socusnetwork.com") { echo ''; echo 'Socusnetwork'; } else{ echo ''; echo 'Hillstone Networks'; } ?>

RULE（RULE ID：1505247）

Rule General Information


Release Date:		2025-11-12

Rule Name:		Mysql UserDefineFunction Exploit ELF File Drop Detection

Severity:

CVE ID:

Rule Protection Details


Description:		MySQL servers expose an extensible interface that allows loading arbitrary shared libraries as user-defined functions (UDFs). Attackers who obtain privileged database credentials can craft a malicious ELF shared object, encode it as a hexadecimal literal, and inject it through SQL statements. Once the binary is written to a writable server directory and registered as a function, the attacker gains the ability to execute native code with the privileges of the database process, typically leading to full host compromise, installation of backdoors, lateral movement, and exfiltration of sensitive data stored in the database or accessible file systems.

Impact:		An attacker could exploit this vulnerability to have unspecified effect.

Affected OS:		Windows, Linux, Others

Reference:

Solutions

Please contact the software vendor to update the software patch.