Check Point Advisories

MySQL CREATE FUNCTION Table Arbitrary Library Injection (CVE-2005-0710)

Check Point Reference: CPAI-2005-209
Date Published: 26 Oct 2009
Severity: High
Last Updated: Monday 26 October, 2009
Source:
Industry Reference:CVE-2005-0710
Protection Provided by:

Security Gateway
R81, R80, R77, R75
Who is Vulnerable?
Vulnerability Description MySQL is an open-source implementation of a relational database management system supporting the SQL (Structured Query Language) database query language. MySQL allows users to create user-defined functions (UDF) through the CREATE FUNCTION command. A vulnerability exists in the user-defined function (UDF) implementation in MySQL due to insufficient policy enforcement. A remote authenticated user with INSERT privileges on the MySQL administrative database can exploit this vulnerability to bypass UDF library path restrictions. This may allow an attacker to execute arbitrary code, with the privileges of mysqld, by calling functions in arbitrary shared libraries. The target MySQL server continues its normal functionality without error even after a successfull attack, yet once the server is restarted, the injected malicious UDFs are loaded and ready for execution. The behaviour of the target system will be dependent on the intent of the code. If the crafted SQL statements are successfully executed but the required shared library files are not on the target system, the MySQL server will output error messages when it fails to load the non-existent shared library files when starting. Any SQL command calling the malicious UDFs will get a syntax error. In practice, the attacker may force the target MySQL to restart in order to load the injected UDFs, this will close other user connections established to the target.

Protection Overview

This protection will detect and block attempts to exploit this vulnerability

In order for the protection to be activated, update your Security Gateway product to the latest IPS update. For information on how to update IPS, go to SBP-2006-05, click on Protection tab and select the version of your choice.

Security Gateway R80 / R77 / R75

  1. In the IPS tab, click Protections and find the MySQL CREATE FUNCTION Table Arbitrary Library Injection protection using the Search tool and Edit the protection's settings.
  2. Install policy on all Security Gateways.

This protection's log will contain the following information:

Attack Name:  MySQL Protection Violation.
Attack Information:  MySQL CREATE FUNCTION table arbitrary library injection

×
  Feedback
This website uses cookies for its functionality and for analytics and marketing purposes. By continuing to use this website, you agree to the use of cookies. For more information, please read our Cookies Notice.
OK