Reid Borsuk

**Name of the Vulnerable Software and Affected Versions** MySQL versions 4.0 through 4.0.24 MySQL versions 4.1 through 4.1.12 MySQL versions 5.0 through 5.0.6-beta **Description** A stack-based buffer overflow issue exists in the init syms function, allowing remote authenticated users who can create user-defined functions to execute arbitrary code via a long `function name` field. **Recommendations** For MySQL versions 4.0 through 4.0.24, update to version 4.0.25 or later. For MySQL versions 4.1 through 4.1.12, update to version 4.1.13 or later. For MySQL versions 5.0 through 5.0.6-beta, update to version 5.0.7-beta or later.

**Name of the Vulnerable Software and Affected Versions** MySQL (affected versions not specified) **Description** The issue allows remote authenticated users with insert privileges on the mysql.func table to cause a denial of service (server hang) and possibly execute arbitrary code. This can be achieved by requesting (1) a non-library file, which causes the Windows LoadLibraryEx function to block, or (2) a request for a function in a library that has the XXX deinit or XXX init functions defined but is not tailored for MySQL, such as jpeg1x32.dll and jpeg2x32.dll. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** MySQL versions 4.0 through 4.0.24 MySQL versions 4.1 through 4.1.12 MySQL versions 5.0 through 5.0.6-beta **Description** The issue arises from an incomplete blacklist used in a directory traversal check within the `mysql create function` function. This allows attackers to include arbitrary files using the backslash (``) character when running on Windows. **Recommendations** For MySQL versions 4.0 through 4.0.24, update to version 4.0.25 or later. For MySQL versions 4.1 through 4.1.12, update to version 4.1.13 or later. For MySQL versions 5.0 through 5.0.6-beta, update to version 5.0.7-beta or later.