MySQL UDF mysql_create_function function directory traversal
ID: mysql-udf-directory-traversal (21738)
Description:
MySQL is a popular, freely distributed relational database server often used as a back-end for Web sites. MySQL versions 4.0.25, 4.1.13, and 5.0.7-beta, when running on Microsoft Windows operating systems, could allow a remote attacker to include arbitrary files, caused by a vulnerability in the mysql_create_function function. An attacker could send a specially crafted request using the backslash character (\) to bypass the directory traversal check and possibly execute arbitrary code on the system.
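The class of check described above, as an added illustration that is not MySQL's own sql_udf.cc code: a separator blacklist that knows only '/' beside an allow-list that accepts nothing but a bare library name. The function names and the sample library names are assumed for the example.

```cpp
#include <string>

// Weak check: blacklists the POSIX separator only. On Windows, where '\'
// is also a path separator, names such as "..\x.dll" or "C:\x.dll" pass,
// which is the incomplete-blacklist pattern the advisory describes.
bool udf_dl_name_ok_weak(const std::string& dl) {
    return dl.find('/') == std::string::npos;
}

// Hardened check: treat the library name as an allow-list problem. Anything
// that is not a plain file name (either separator, a drive/stream colon, an
// embedded NUL byte, or the "." and ".." entries) is rejected before the name
// reaches the dynamic loader, so the library can only come from the directory
// the server itself chooses.
bool udf_dl_name_ok(const std::string& dl) {
    if (dl.empty() || dl == "." || dl == "..") return false;
    for (char c : dl) {
        if (c == '/' || c == '\\' || c == ':' || c == '\0') return false;
    }
    return true;
}
```

Checking a single byte class per platform is fragile; rejecting everything that is not a bare file name removes the need to enumerate separators at all.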
Consequences:
Gain Access
Remedy:
Apply the patch for this vulnerability, available from the MySQL Downloads Web page. See References.
References:
- Full-Disclosure Mailing List, Mon Aug 08 2005 - 17:43:02 CDT: [AppSecInc Advisory MYSQL05-V0001] Improper Filtering of Directory Traversal Characters in MySQL User Defined Functions.
- MySQL Download Web page: MySQL Downloads.
- SHATTER Team Security Alert: MySQL: Improper Filtering of Directory Traversal Characters in User Defined Functions.
- CVE-2005-2573: The mysql_create_function function in sql_udf.cc for MySQL 4.0 before 4.0.25, 4.1 before 4.1.13, and 5.0 before 5.0.7-beta, when running on Windows, uses an incomplete blacklist in a directory traversal check, which allows attackers to include arbitrary files via the backslash (\) character.
Platforms Affected:
- MySQL MySQL 4.0.25
- MySQL MySQL 4.1.13
- MySQL MySQL 5.0.7 Beta
Reported:
Aug 08, 2005
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
For corrections or additions please email xforce@iss.net
