CVE-2005-0709

Description

MySQL 4.0.23 and earlier, and 4.1.x up to 4.1.10, allows remote authenticated users with INSERT and DELETE privileges to execute arbitrary code by using CREATE FUNCTION to access libc calls, as demonstrated by using strcat, on_exit, and exit.

Software From Fixed in
oracle / mysql 3.23.49 3.23.49.x
oracle / mysql 4.0.0 4.0.0.x
oracle / mysql 4.0.1 4.0.1.x
oracle / mysql 4.0.10 4.0.10.x
oracle / mysql 4.0.11 4.0.11.x
oracle / mysql 4.0.11-gamma 4.0.11-gamma.x
oracle / mysql 4.0.12 4.0.12.x
oracle / mysql 4.0.13 4.0.13.x
oracle / mysql 4.0.14 4.0.14.x
oracle / mysql 4.0.15 4.0.15.x
oracle / mysql 4.0.18 4.0.18.x
oracle / mysql 4.0.2 4.0.2.x
oracle / mysql 4.0.20 4.0.20.x
oracle / mysql 4.0.21 4.0.21.x
oracle / mysql 4.0.23 4.0.23.x
oracle / mysql 4.0.3 4.0.3.x
oracle / mysql 4.0.4 4.0.4.x
oracle / mysql 4.0.5 4.0.5.x
oracle / mysql 4.0.5a 4.0.5a.x
oracle / mysql 4.0.6 4.0.6.x
oracle / mysql 4.0.7 4.0.7.x
oracle / mysql 4.0.7-gamma 4.0.7-gamma.x
oracle / mysql 4.0.8 4.0.8.x
oracle / mysql 4.0.8-gamma 4.0.8-gamma.x
oracle / mysql 4.0.9 4.0.9.x
oracle / mysql 4.0.9-gamma 4.0.9-gamma.x
oracle / mysql 4.1.0-alpha 4.1.0-alpha.x
oracle / mysql 4.1.2-alpha 4.1.2-alpha.x
oracle / mysql 4.1.3-beta 4.1.3-beta.x
oracle / mysql 4.1.4 4.1.4.x
oracle / mysql 4.1.5 4.1.5.x
mysql / mysql 4.1.0 4.1.0.x
mysql / mysql 4.1.10 4.1.10.x
mysql / mysql 4.1.3 4.1.3.x