PT-2005-1748 · Mysql Server+1

Stefano Di Paola · Published 2005-03-11 · Updated 2019-12-17 · CVE-2005-0709

CVSS v2.0: 4.6 (Medium)

Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

MySQL versions 4.0.23 and earlier
MySQL versions 4.1.x up to 4.1.10

Description

The issue allows remote authenticated users with INSERT and DELETE privileges to execute arbitrary code by using CREATE FUNCTION to access libc calls, such as strcat, on_exit, and exit.

Recommendations

For MySQL versions 4.0.23 and earlier, update to a version later than 4.0.23 to resolve the issue. For MySQL versions 4.1.x up to 4.1.10, update to a version later than 4.1.10 to resolve the issue. As a temporary workaround, consider restricting the use of the CREATE FUNCTION statement to minimize the risk of exploitation.

Exploit

Fix

Code Injection

Weakness Enumeration

Related identifiers

CVE-2005-0709
DSA-707-1
RHSA-2005:334
RHSA-2005_334

Affected products

Mysql Server
Red Hat