Vulnerability Name:

CVE-2005-2573 (CCN-21738)

Assigned: 2005-08-08
Published: 2005-08-08
Updated: 2019-12-17
Summary: The mysql_create_function function in sql_udf.cc for MySQL 4.0 before 4.0.25, 4.1 before 4.1.13, and 5.0 before 5.0.7-beta, when running on Windows, uses an incomplete blacklist in a directory traversal check, which allows attackers to include arbitrary files via the backslash (\) character.
CVSS v3 Severity: 5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
Exploitability Metrics: Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope: Scope (S): Unchanged
Impact Metrics: Confidentiality (C): Low
Integrity (I): None
Availability (A): None
CVSS v2 Severity: 5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics: Confidentiality (C): Partial
Integrity (I): None
Availability (A): None
5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics: Confidentiality (C): Partial
Integrity (I): None
Availability (A): None
Vulnerability Type: CWE-Other
Vulnerability Consequences: Gain Access
References:
Source: CCN
Type: Full-Disclosure Mailing List, Mon Aug 08 2005 - 17:43:02 CDT
[AppSecInc Advisory MYSQL05-V0001] Improper Filtering of Directory Traversal Characters in MySQL User Defined Functions

Source: MITRE
Type: CNA
CVE-2005-2573

Source: CCN
Type: MySQL Download Web page
MySQL Downloads

Source: FULLDISC
Type: Patch, Vendor Advisory
20050808 [AppSecInc Advisory MYSQL05-V0001] Improper Filtering of Directory Traversal Characters in MySQL User Defined Functions

Source: BUGTRAQ
Type: UNKNOWN
20050808 [AppSecInc Advisory MYSQL05-V0001] Improper Filtering of Directory Traversal Characters in MySQL User Defined Functions

Source: CONFIRM
Type: UNKNOWN
http://mysql.bkbits.net:8080/mysql-4.0/cset@428b981bg2iwh3CbGANDaF-W6DbttA

Source: CONFIRM
Type: UNKNOWN
http://mysql.bkbits.net:8080/mysql-4.0/gnupatch@428b981bg2iwh3CbGANDaF-W6DbttA

Source: CCN
Type: SHATTER Team Security Alert
MySQL: Improper Filtering of Directory Traversal Characters in User Defined Functions

Source: MISC
Type: Patch, Vendor Advisory
http://www.appsecinc.com/resources/alerts/mysql/2005-001.html

Source: CCN
Type: OSVDB ID: 18897
MySQL on Windows UDF Create Function Traversal Privilege Escalation

Source: XF
Type: UNKNOWN
mysql-udf-directory-traversal(21738)

Vulnerable Configuration:
Configuration 1:
  • cpe:/a:oracle:mysql:4.1.0:-:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:4.1.3:-:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:4.1.10:-:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:5.0.1:-:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:5.0.2:-:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:5.0.3:-:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:5.0.4:-:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:4.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:4.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:4.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:4.0.3:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:4.0.4:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:4.0.5:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:4.0.5a:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:4.0.6:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:4.0.7:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:4.0.7:gamma:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:4.0.8:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:4.0.8:gamma:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:4.0.9:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:4.0.9:gamma:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:4.0.10:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:4.0.11:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:4.0.11:gamma:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:4.0.12:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:4.0.13:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:4.0.14:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:4.0.15:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:4.0.18:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:4.0.20:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:4.0.21:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:4.0.24:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:4.1.0:alpha:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:4.1.2:alpha:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:4.1.3:beta:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:4.1.4:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:4.1.5:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:5.0.0:alpha:*:*:*:*:*:*

Configuration CCN 1:
  • cpe:/a:oracle:mysql:4.0.25:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:4.1.13:-:*:*:*:*:*:*

  • * Denotes that component is vulnerable
    mysql mysql 4.1.0
    mysql mysql 4.1.3
    mysql mysql 4.1.10
    mysql mysql 5.0.1
    mysql mysql 5.0.2
    mysql mysql 5.0.3
    mysql mysql 5.0.4
    oracle mysql 4.0.0
    oracle mysql 4.0.1
    oracle mysql 4.0.2
    oracle mysql 4.0.3
    oracle mysql 4.0.4
    oracle mysql 4.0.5
    oracle mysql 4.0.5a
    oracle mysql 4.0.6
    oracle mysql 4.0.7
    oracle mysql 4.0.7 gamma
    oracle mysql 4.0.8
    oracle mysql 4.0.8 gamma
    oracle mysql 4.0.9
    oracle mysql 4.0.9 gamma
    oracle mysql 4.0.10
    oracle mysql 4.0.11
    oracle mysql 4.0.11 gamma
    oracle mysql 4.0.12
    oracle mysql 4.0.13
    oracle mysql 4.0.14
    oracle mysql 4.0.15
    oracle mysql 4.0.18
    oracle mysql 4.0.20
    oracle mysql 4.0.21
    oracle mysql 4.0.24
    oracle mysql 4.1.0 alpha
    oracle mysql 4.1.2 alpha
    oracle mysql 4.1.3 beta
    oracle mysql 4.1.4
    oracle mysql 4.1.5
    oracle mysql 5.0.0 alpha
    mysql mysql 4.0.25
    mysql mysql 4.1.13