Heise Security: Buffer Overflow in MySQL

Heise Security writes about the UDF Buffer Overflow in MySQL (CAN-2005-2558).

The bug is fixed in 4.0.25, 4.1.13 and 5.0.7 (beta). It is exploitable only if
  • your MySQL port is reachable,
  • and you are authenticated,
  • and you have permission to execute CREATE FUNCTION. To be able to do this, you need the INSERT privilege on the mysql.func table, which means you usually are already root on your server.
The bug is consequently not considered critical.

System integrators that provide MySQL as part of their distributions are following suit with their respective advisories and are providing upgrades.

More background information: The term "user defined function" (UDF) describes the ability of the MySQL server to load and execute machine code at run-time within the context of the MySQL server. This code is made available to the end user in the form of SQL functions that can be called in SELECT and other commands. Security is implemented by restricting the pathnames from which code can be loaded, but UDF permission is still an extremely far-reaching access right, and is not granted by default to anybody except the DBA.

Should you upgrade? Upgrading to a current version of MySQL is recommended, but it is critical in your environment only if the above three conditions for an exploit are met by users you deem untrustworthy within the terms of your security policy.
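One way to check the third condition on your own server, as an added example that is not part of the original post: the queries below read the standard grant tables (mysql.user, mysql.db, mysql.tables_priv) and mysql.func. They assume you run them as an administrative account that can read the mysql database.

```sql
-- Added example: which accounts can INSERT into mysql.func (condition three)?

-- Server version, to compare against the fixed releases 4.0.25, 4.1.13, 5.0.7.
SELECT VERSION();

-- 1. Global INSERT privilege: applies to every table, including mysql.func.
SELECT Host, User
  FROM mysql.user
 WHERE Insert_priv = 'Y';

-- 2. Database-level INSERT on the mysql database. Db may hold a LIKE pattern
--    (for example '%'), so match the literal name against the stored pattern.
SELECT Host, User, Db
  FROM mysql.db
 WHERE Insert_priv = 'Y'
   AND 'mysql' LIKE Db;

-- 3. Table-level INSERT granted on mysql.func itself.
--    Table_priv is a SET column, so test for membership.
SELECT Host, User, Table_priv
  FROM mysql.tables_priv
 WHERE Db = 'mysql'
   AND Table_name = 'func'
   AND FIND_IN_SET('Insert', Table_priv) > 0;

-- UDFs currently registered: function name, shared library file, and type.
SELECT name, dl, type
  FROM mysql.func;
```

Any account returned by queries 1 to 3 that you would not trust with DBA rights is the case in which the upgrade becomes critical.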
