Arbitrary Code Execution via CREATE FUNCTION in MySQL 4.0.23 and earlier, and 4.1.x up to 4.1.10

Arbitrary Code Execution via CREATE FUNCTION in MySQL 4.0.23 and earlier, and 4.1.x up to 4.1.10

CVE-2005-0709 · MEDIUM Severity

AV:L/AC:L/AU:N/C:P/I:P/A:P

MySQL 4.0.23 and earlier, and 4.1.x up to 4.1.10, allows remote authenticated users with INSERT and DELETE privileges to execute arbitrary code by using CREATE FUNCTION to access libc calls, as demonstrated by using strcat, on_exit, and exit.

Learn more about our Cis Benchmark Audit For Microsoft Sql Server.