CVE-2005-0709
Published: 2 May 2005
MySQL 4.0.23 and earlier, and 4.1.x up to 4.1.10, allows remote authenticated users with INSERT and DELETE privileges to execute arbitrary code by using CREATE FUNCTION to access libc calls, as demonstrated by using strcat, on_exit, and exit.
Priority
Status
Package | Release | Status |
---|---|---|
mysql-dfsg Launchpad, Ubuntu, Debian |
dapper |
Released
(4.0.24-10ubuntu2)
|
edgy |
Released
(4.0.24-10ubuntu2)
|
|
feisty |
Does not exist
|
|
upstream |
Needs triage
|
|
mysql-dfsg-4.1 Launchpad, Ubuntu, Debian |
dapper |
Released
(4.1.15-1ubuntu5)
|
edgy |
Released
(4.1.15-1ubuntu5)
|
|
feisty |
Does not exist
|
|
upstream |
Needs triage
|
|
mysql-dfsg-5.0 Launchpad, Ubuntu, Debian |
dapper |
Released
(5.0.22-0ubuntu6.06.3)
|
edgy |
Released
(5.0.24a-9ubuntu0.1)
|
|
feisty |
Released
(5.0.38-0ubuntu1)
|
|
upstream |
Needs triage
|