Exploits Circulating for MySQL Flaws | eWeek

Exploits Circulating for MySQL Flaws

Écrit par
Ryan Naraine
Ryan Naraine
Mar 11, 2005
2 minute read
eWeek Le contenu et les recommandations de produits sont indépendants de la rédaction. Nous pouvons gagner de l'argent lorsque vous cliquez sur des liens vers nos partenaires. En savoir plus

At least two public exploits are circulating for a trio of vulnerabilities in the open-source MySQL database engine, security experts warned on Friday.

According to alerts released on security mailing lists, the most serious flaw can be exploited by malicious users to compromise a vulnerable system. In some cases, malicious local users could also perform certain actions on a vulnerable system with escalated privileges.

The bugs affect MySQL versions 4.0.23, and 4.1.10 and prior.

MySQL AB, the Swedish company that produces and manages the freely available database, has addressed the flaws in MySQL versions 4.0.24 and 4.1.10a.

Security information aggregator Secunia recommends that customers apply the appropriate patches immediately or limit the privileges granted to untrusted users.

Limiting privileges would protect against the input validation error in the “udf_init()” function that causes the “dl” field of the “mysql.func” table to not be properly sanitized before being used to load libraries, according to Secunia.

This could allow malicious attacker to manipulate the “mysql” administrative database directly via an “Insert into” statement instead of using “Create function.”

/zimages/4/28571.gifA recent analysis found MySQL code short on bugs.Click hereto read more.

According to the advisory, successful exploitation allows loading a malicious library from an arbitrary location, but it requires “Insert” and “Delete” permissions on the “mysql” administrative database.

A separate vulnerability is caused because temporary files are created insecurely with the “Create temporary table” command. The company warned that this can be exploited via symlink attacks to overwrite arbitrary files with the privileges of MySQL.

/zimages/4/28571.gifCheck out eWEEK.coms for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEK.com Security Center Editor Larry Seltzers Weblog.

eWeek Logo

eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site's focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

Propriété de TechnologyAdvice. © 2026 TechnologyAdvice. Tous droits réservés

Divulgation publicitaire : Certains des produits qui apparaissent sur ce site proviennent d'entreprises dont TechnologyAdvice reçoit une compensation. Cette compensation peut influencer la façon dont les produits apparaissent sur ce site, notamment l'ordre dans lequel ils apparaissent. TechnologyAdvice n'inclut pas toutes les entreprises ou tous les types de produits disponibles sur le marché.