Detections
Analytics

MySQL User-Defined Functions Multiple Vulnerabilities

high Nessus Plugin ID 17698

Language:

Synopsis

The remote database server is potentially affected by multiple vulnerabilities.

Description

User-defined functions in MySQL can allow a database user to cause binary libraries on the host to be loaded. The insert privilege on the table 'mysql.func' is required for a user to create user-defined functions. When running on Windows and possibly other operating systems, MySQL is potentially affected by the following vulnerabilities:

 - If an invalid library is requested the Windows function 'LoadLibraryEx' will block processing until an error dialog box is acknowledged on the server.
 It is not likely that non-Windows systems are affected by this particular issue.

 - MySQL requires that user-defined libraries contain functions with names fitting the formats: 'XXX_deinit' or 'XXX_init'. However, other libraries are known to contain functions fitting these formats and, when called upon, can cause application crashes, memory corruption and stack pollution.

Solution

There is currently no known fix or patch to address these issues. Instead, make sure access to create user-defined functions is restricted.

See Also

https://seclists.org/fulldisclosure/2005/Aug/199

Plugin Details

Severity: High

ID: 17698

File Name: mysql_user_defined_functions_restrictions.nasl

Version: 1.13

Type: remote

Family: Databases

Published: 11/18/2011

Updated: 11/15/2018

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: High

Base Score: 8.5

Temporal Score: 6.3

Vector: CVSS2#AV:N/AC:M/Au:S/C:C/I:C/A:C

Vulnerability Information

CPE: cpe:/a:mysql:mysql

Required KB Items: Settings/PCI_DSS

Exploit Ease: No known exploits are available

Exploited by Nessus: true

Vulnerability Publication Date: 8/8/2005

Reference Information

CVE: CVE-2005-2572

BID: 62358