MySQL User Defined Function Detected

High Nessus Network Monitor Plugin ID 8218

Synopsis

The MySQL server running on the remote server appears to accept user-defined functions.

Description

User-defined functions in MySQL can allow a database user to load binary libraries. The INSERT privilege on the table 'mysql.func' is required for a user to create user-defined functions. It was confirmed that MySQL on the Windows platform (and possibly other platforms, though unverified) is potentially impacted by the following vulnerabilities:

- If an invalid library is requested, the Windows function 'LoadLibraryEx' will block processing until an error dialog box is acknowledged on the server. It is not likely that non-Windows systems are affected by this particular issue.

- MySQL requires that user-defined libraries contain functions with names fitting the formats: 'XXX_deinit' or 'XXX_init'. However, other libraries are known to contain functions fitting these formats and, when called upon, can cause application crashes, memory corruption and stack pollution.

Solution

The vendor has not released a fix for this issue. Ensure that the privilege of creating user-defined functions is restricted to authorized users.
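
One way to check who currently holds that privilege, as an added example that is not part of the original plugin text or the vendor's guidance: the query below lists every account whose grants permit INSERT into 'mysql.func' at the global, database, or table level. It assumes it is run by an account that can read the grant tables in the 'mysql' schema; the account name in the commented REVOKE is a hypothetical placeholder.

```sql
-- Added audit example: which accounts can INSERT into mysql.func and
-- can therefore register a user-defined function?

-- 1. Global INSERT: applies to every schema, including mysql.
SELECT 'global' AS scope, User, Host
FROM mysql.user
WHERE Insert_priv = 'Y'

UNION ALL

-- 2. Database-level INSERT. The Db column may hold a LIKE pattern
--    (for example '%' or 'my%'), so match the literal name against it.
SELECT CONCAT('database: ', Db) AS scope, User, Host
FROM mysql.db
WHERE Insert_priv = 'Y'
  AND 'mysql' LIKE Db

UNION ALL

-- 3. Table-level INSERT granted directly on mysql.func.
--    Table_priv is a SET column, so test membership with FIND_IN_SET.
SELECT 'table: mysql.func' AS scope, User, Host
FROM mysql.tables_priv
WHERE Db = 'mysql'
  AND Table_name = 'func'
  AND FIND_IN_SET('Insert', Table_priv) > 0

ORDER BY User, Host;

-- For any row that does not belong to an authorized administrator,
-- remove the grant at the scope reported above. Placeholder account:
--   REVOKE INSERT ON mysql.func FROM 'app_user'@'%';   -- table scope
--   REVOKE INSERT ON mysql.*    FROM 'app_user'@'%';   -- database scope
--   REVOKE INSERT ON *.*        FROM 'app_user'@'%';   -- global scope
```

An account can appear more than once if it holds the privilege at several scopes; each scope has to be revoked separately.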

See Also

http://xforce.iss.net/xforce/xfdb/21756

http://marc.theaimsgroup.com/?l=bugtraq&m=112360818900941&w=2

Plugin Details

Severity: High

ID: 8218

File Name: 8218.prm

Family: Database

Published: 2014/04/24

Modified: 2017/01/31

Dependencies: 5135

Nessus ID: 17698

Risk Information

Risk Factor: High

CVSSv2

Base Score: 8.5

Temporal Score: 8.5

Vector: CVSS2#AV:N/AC:M/Au:S/C:C/I:C/A:C

Temporal Vector: CVSS2#E:ND/RL:U/RC:ND

CVSSv3

Base Score: 7.5

Temporal Score: 7.5

Vector: CVSS3#AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS3#E:X/RL:U/RC:X

Vulnerability Information

CPE: cpe:/a:oracle:mysql

Vulnerability Publication Date: 2005/08/08

Reference Information

BID: 62358

OSVDB: 18898