3528.txt

snort入侵检测规则文件2.4 Snort是众所周知的网络入侵检测工具

Rule:

--
Sid:
3528

--
Summary:
This event is generated when an attempt is made to exploit a
vulnerability associated with the MySQL CREATE FUNCTION.

--
Impact:
A successful attack can allow an authenticated user with INSERT and
DELETE privileges for the administrative database to execute arbitrary code.

--
Detailed Information:
A vulnerability exists in MySQL's handling of the CREATE FUNCTION
command, possibly allowing an authenticated user with INSERT and DELETE
privileges for the administrative databases to execute arbitrary code.

The CREATE FUNCTION allows a user to create a user-defined function
(UDF) that is stored in a system shared library.  A flaw exists that
permits a user to call any function in the shared library as a UDF. This
may allow arbitrary code to be executed with MySQL privileges.

--
Affected Systems:
	MySQL AB MySQL 4.0.0 - 4.0.23
	MySQL AB MySQL 4.1.0 - 4.1.10

--
Attack Scenarios:
An authenticated user with necessary privileges can use the CREATE
FUNCTION to execute arbitrary code on a vulnerable server.

--
Ease of Attack:
Simple. Exploit code is available.

--
False Positives:
None known.

--
False Negatives:
None known.

--
Corrective Action:
Upgrade to the most current non-affected version of the product.

--
Contributors:
Sourcefire Research Team
Judy Novak <judy.novak@sourcefire.com>

--
Additional References

--