CVE-2005-0709

NameCVE-2005-0709
DescriptionMySQL 4.0.23 and earlier, and 4.1.x up to 4.1.10, allows remote authenticated users with INSERT and DELETE privileges to execute arbitrary code by using CREATE FUNCTION to access libc calls, as demonstrated by using strcat, on_exit, and exit.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SuSE, Mageia, GitHub code/issues, web search, more)
ReferencesDSA-707-1
NVD severitymedium (attack range: local)

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
mysqlsourcewoody3.23.49-8.11mediumDSA-707-1
mysql-dfsgsource(unstable)4.0.24medium
mysql-dfsg-4.1source(unstable)4.1.10amedium

Search for package or bug name: Reporting problems