MySQL User-Defined Functions Multiple Vulnerabilities

This script is Copyright (C) 2011-2013 Tenable Network Security, Inc.


Synopsis :

The remote database server is potentially affected by multiple
vulnerabilities.

Description :

User-defined functions in MySQL can allow a database user to cause
binary libraries on the host to be loaded. The insert privilege on
the table 'mysql.func' is required for a user to create user-defined
functions. When running on Windows and possibly other operating
systems, MySQL is potentially affected by the following
vulnerabilities:

- If an invalid library is requested the Windows
function 'LoadLibraryEx' will block processing until
an error dialog box is acknowledged on the server.
It is not likely that non-Windows systems are affected
by this particular issue.

- MySQL requires that user-defined libraries contain
functions with names fitting the formats: 'XXX_deinit'
or 'XXX_init'. However, other libraries are known to
contain functions fitting these formats and, when called
upon, can cause application crashes, memory corruption
and stack pollution.

See also :

http://archives.neohapsis.com/archives/fulldisclosure/2005-08/0201.html

Solution :

There is currently no known fix or patch to address these issues.
Instead, make sure access to create user-defined functions is
restricted.

Risk factor :

High / CVSS Base Score : 8.5
(CVSS2#AV:N/AC:M/Au:S/C:C/I:C/A:C)
CVSS Temporal Score : 8.5
(CVSS2#E:ND/RL:U/RC:ND)
Public Exploit Available : false

Family: Databases

Nessus Plugin ID: 17698 ()

Bugtraq ID: 62358

CVE ID: CVE-2005-2572