Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2005-2572

Overview

Vulnerability Score 8.5 8.5
CVE Id CVE-2005-2572
Last Modified 30 Oct 2013 09:42:53
Published 16 Aug 2005 12:00:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication SINGLE_INSTANCE

CVE-2005-2572

Summary

MySQL, when running on Windows, allows remote authenticated users with insert privileges on the mysql.func table to cause a denial of service (server hang) and possibly execute arbitrary code via (1) a request for a non-library file, which causes the Windows LoadLibraryEx function to block, or (2) a request for a function in a library that has the XXX_deinit or XXX_init functions defined but is not tailored for mySQL, such as jpeg1x32.dll and jpeg2x32.dll.

Vulnerable Systems

Application

  • Mysql 5.0.33


References

XF - mysql-loadlibraryex-dos(21756)

MISC - http://www.appsecinc.com/resources/alerts/mysql/2005-003.html

BUGTRAQ - 20050808 [AppSecInc Advisory MYSQL05-V0003] Multiple Issues with MySQL User Defined Functions

SECTRACK - 1029010

SECUNIA - 54788

BID - 62358

HP - SSRT101272

HP - HPSBPV02918


Last Updated: 27 May 2016 11:03:18