ISS X-Force Database: mysql-udf-directory-traversal(21738): MySQL UDF mysql_create

MySQL UDF mysql_create_function function directory traversal

mysql-udf-directory-traversal (21738)

Medium Risk

Description:

MySQL is a popular, freely distributed relational database server often used as a back-end for Web sites. MySQL versions 4.0.25, 4.1.13, and 5.0.7-beta when running on Microsoft Windows operating systems could allow a remote attacker to include arbitrary files, caused by a vulnerability in the mysql_create_function function. An attacker could send specially-crafted request using the backslash character (\) to bypass the directory traversal checks and possibly execute arbitrary code on the system.

Platforms Affected:

MySQL, MySQL 4.0.25
MySQL, MySQL 4.1.13
MySQL, MySQL 5.0.7 Beta

Remedy:

Apply the patch for this vulnerability, available from the MySQL Downloads Web page. See References.

Consequences:

Gain Access

References:

Full-Disclosure Mailing List, Mon Aug 08 2005 - 17:43:02 CDT, [AppSecInc Advisory MYSQL05-V0001] Improper Filtering of Directory Traversal Characters in MySQL User Defined Functions at http://archives.neohapsis.com/archives/fulldisclosure/2005-08/0202.html.
MySQL Download Web page, MySQL Downloads at http://dev.mysql.com/downloads/.
SHATTER Team Security Alert, MySQL: Improper Filtering of Directory Traversal Characters in User Defined Functions at http://www.appsecinc.com/resources/alerts/mysql/2005-001.html.
CVE-2005-2573: The mysql_create_function function in sql_udf.cc for MySQL 4.0 before 4.0.25, 4.1 before 4.1.13, and 5.0 before 5.0.7-beta, when running on Windows, uses an incomplete blacklist in a directory traversal check, which allows attackers to include arbitrary files via the backslash (\) character.

Reported:

Aug 08, 2005

The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

For corrections or additions please email xforce@iss.net

Return to the main page