Vulnerability Name:

CVE-2005-2572 (CCN-21756)

Assigned:2005-08-08
Published:2005-08-08
Updated:2019-12-17
Summary:MySQL, when running on Windows, allows remote authenticated users with insert privileges on the mysql.func table to cause a denial of service (server hang) and possibly execute arbitrary code via (1) a request for a non-library file, which causes the Windows LoadLibraryEx function to block, or (2) a request for a function in a library that has the XXX_deinit or XXX_init functions defined but is not tailored for MySQL, such as jpeg1x32.dll and jpeg2x32.dll.
CVSS v3 Severity:5.9 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
Exploitability Metrics:Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): Low
Integrity (I): Low
Availability (A): Low
CVSS v2 Severity:8.5 High (CVSS v2 Vector: AV:N/AC:M/Au:S/C:C/I:C/A:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): Single_Instance
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availability (A): Complete
4.6 Medium (CCN CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availability (A): Partial
Vulnerability Type:CWE-Other
Vulnerability Consequences:Denial of Service
References:Source: MITRE
Type: CNA
CVE-2005-2572

Source: CCN
Type: MySQL Download Web page
MySQL Downloads

Source: HP
Type: UNKNOWN
HPSBPV02918

Source: BUGTRAQ
Type: UNKNOWN
20050808 [AppSecInc Advisory MYSQL05-V0003] Multiple Issues with MySQL User Defined Functions

Source: CCN
Type: BugTraq Mailing List, 2005-08-08 22:41:59
Multiple Issues with MySQL User

Source: CCN
Type: SA54788
HP ProCurve Manager Multiple Vulnerabilities

Source: SECUNIA
Type: UNKNOWN
54788

Source: CCN
Type: SHATTER Team Security Alert
MySQL: Multiple Issues with User Defined Functions

Source: MISC
Type: Vendor Advisory
http://www.appsecinc.com/resources/alerts/mysql/2005-003.html

Source: CCN
Type: OSVDB ID: 18898
MySQL UDF LoadLibraryEx Function Nonexistent Library Load DoS

Source: BID
Type: UNKNOWN
62358

Source: CCN
Type: BID-62358
Oracle MySQL CVE-2005-2572 Remote Code Execution Vulnerability

Source: SECTRACK
Type: UNKNOWN
1029010

Source: XF
Type: UNKNOWN
mysql-loadlibraryex-dos(21756)

Vulnerable Configuration:Configuration 1:
  • cpe:/a:oracle:mysql:5.0.33:*:*:*:*:*:*:*

Configuration CCN 1:
  • cpe:/a:mysql:mysql:*:*:*:*:*:*:*:*

* Denotes that component is vulnerable
    oracle mysql 5.0.33
    mysql mysql *