MySQL User-Defined Functions Multiple Vulnerabilities

This support forum board is for support questions relating to Nagios XI, our flagship commercial network monitoring solution.
ScottMc
Posts: 32
Joined: Mon Aug 06, 2018 9:35 am

MySQL User-Defined Functions Multiple Vulnerabilities

Post by ScottMc »

Our Nagios XI server is showing up on our security scans for the following "MySQL User-Defined Functions Multiple Vulnerabilities":
Risk Factor: High
CVSS v2.0 Base Score: 8.5

Description
User-defined functions in MySQL can allow a database user to cause binary libraries on the host to be loaded. The insert privilege on the table 'mysql.func' is required for a user to create user-defined functions. When running on Windows and possibly other operating systems, MySQL is potentially affected by the following vulnerabilities:

If an invalid library is requested the Windows function 'LoadLibraryEx' will block processing until an error dialog box is acknowledged on the server.
It is not likely that non-Windows systems are affected by this particular issue.

MySQL requires that user-defined libraries contain functions with names fitting the formats: 'XXX_deinit' or 'XXX_init'. However, other libraries are known to contain functions fitting these formats and, when called upon, can cause application crashes, memory corruption and stack pollution.

Solution
There is currently no known fix or patch to address these issues. Instead, make sure access to create user-defined functions is restricted.
Can someone confirm whether access to user-defined functions is restricted, and if not, how this can be remediated without breaking the product? Thanks!

Scott
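The scanner's only remediation is to restrict who can create UDFs. In MariaDB/MySQL, CREATE FUNCTION ... SONAME requires the INSERT privilege on the mysql.func table, and that privilege can arrive from three places: a global grant (mysql.user), a database-level grant whose Db pattern matches "mysql" (mysql.db, with LIKE-style wildcards), or a table-level grant on mysql.func (mysql.tables_priv). The script below is an added example for this thread, not Nagios XI code and not something the poster ran. It lists the read-only queries to pull the real grant rows, then evaluates a set of constructed sample rows (the account names are made up) to show which accounts could register a UDF and which REVOKE would close each path.

```python
"""Audit which MariaDB/MySQL accounts could register a UDF via
CREATE FUNCTION ... SONAME, which requires INSERT on mysql.func.

Added example for this thread; it is not Nagios XI code. The privilege
rows below are constructed to look like a MariaDB 5.5 server's grant
tables; on a real host run the queries in SQL_QUERIES as root and feed
those rows in instead."""
import re

# Read-only queries to obtain the real rows from the server.
SQL_QUERIES = {
    "func": "SELECT name, dl FROM mysql.func;",
    "user": "SELECT User, Host, Insert_priv FROM mysql.user;",
    "db": "SELECT User, Host, Db, Insert_priv FROM mysql.db;",
    "tables_priv": "SELECT User, Host, Db, Table_name, Table_priv "
                   "FROM mysql.tables_priv;",
}

# Constructed sample rows; account names are made up for the example.
USER_ROWS = [
    {"User": "root", "Host": "localhost", "Insert_priv": "Y"},
    {"User": "nagiosxi", "Host": "localhost", "Insert_priv": "N"},
    {"User": "backup", "Host": "10.0.0.%", "Insert_priv": "N"},
    {"User": "report", "Host": "%", "Insert_priv": "N"},
    {"User": "udfadmin", "Host": "localhost", "Insert_priv": "N"},
]
DB_ROWS = [
    {"User": "nagiosxi", "Host": "localhost", "Db": "nagiosxi", "Insert_priv": "Y"},
    {"User": "backup", "Host": "10.0.0.%", "Db": "%", "Insert_priv": "Y"},
    {"User": "report", "Host": "%", "Db": "nagios%", "Insert_priv": "Y"},
]
TABLES_PRIV_ROWS = [
    {"User": "udfadmin", "Host": "localhost", "Db": "mysql",
     "Table_name": "func", "Table_priv": "Select,Insert"},
    {"User": "report", "Host": "%", "Db": "mysql",
     "Table_name": "user", "Table_priv": "Select"},
]


def like_to_regex(pattern):
    """Translate a mysql.db.Db pattern (LIKE semantics: % and _ are
    wildcards, backslash escapes the next character) into an anchored
    regular expression."""
    out, i = [], 0
    while i < len(pattern):
        c = pattern[i]
        if c == "\\" and i + 1 < len(pattern):
            out.append(re.escape(pattern[i + 1]))
            i += 2
            continue
        out.append(".*" if c == "%" else "." if c == "_" else re.escape(c))
        i += 1
    return "^" + "".join(out) + "$"


def db_matches(pattern, dbname):
    return re.match(like_to_regex(pattern), dbname) is not None


def udf_capable_accounts(user_rows, db_rows, tables_priv_rows):
    """Return {(user, host): (level, detail)} for every account holding
    INSERT on mysql.func at some level; the broadest grant is reported."""
    capable = {}
    for r in user_rows:                          # global grants
        if r["Insert_priv"] == "Y":
            capable[(r["User"], r["Host"])] = ("global", None)
    for r in db_rows:                            # database-level grants
        key = (r["User"], r["Host"])
        if key not in capable and r["Insert_priv"] == "Y" \
                and db_matches(r["Db"], "mysql"):
            capable[key] = ("db", r["Db"])
    for r in tables_priv_rows:                   # table-level grants
        key = (r["User"], r["Host"])
        privs = {p.strip().lower() for p in r["Table_priv"].split(",")}
        if key not in capable and (r["Db"], r["Table_name"]) == ("mysql", "func") \
                and "insert" in privs:
            capable[key] = ("table", "func")
    return capable


def revoke_sql(capable):
    """Narrowest REVOKE per flagged account. Revoking global INSERT from an
    application account breaks its own writes unless INSERT on its own
    database is granted first; root@localhost is normally left alone and
    protected through credential hygiene instead."""
    stmts = {}
    for (user, host), (level, detail) in capable.items():
        acct = "'%s'@'%s'" % (user, host)
        if level == "global":
            target = "*.*"
        elif level == "db":
            target = "`%s`.*" % detail           # pattern must be backtick-quoted
        else:
            target = "`mysql`.`func`"
        stmts[(user, host)] = "REVOKE INSERT ON %s FROM %s;" % (target, acct)
    return stmts


if __name__ == "__main__":
    found = udf_capable_accounts(USER_ROWS, DB_ROWS, TABLES_PRIV_ROWS)
    for acct, (level, detail) in sorted(found.items()):
        print("%s@%s can create UDFs (%s grant%s)" % (
            acct[0], acct[1], level, " on '%s'" % detail if detail else ""))
```

Two checks go with this. First, `SELECT name, dl FROM mysql.func;` shows whether any UDF is already registered; on a stock install it should be empty. Second, since MySQL 5.1 and in MariaDB the shared object named in SONAME must live in the directory shown by `SHOW VARIABLES LIKE 'plugin_dir';`, so that directory should be owned by root and not writable by the mysql or web-server OS users; with both the grant audit clean and plugin_dir locked down, the remaining exposure is whoever holds the root database credentials.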
ssax
Dreams In Code
Posts: 7682
Joined: Wed Feb 11, 2015 12:54 pm

Re: MySQL User-Defined Functions Multiple Vulnerabilities

Post by ssax »

We don't use any user-defined libraries that I'm aware of.

Please send us the endpoints that your scanner detected as vulnerable on the system so that we can investigate further.

Include the output of these commands:

Code:

uname -a
cat /etc/*release
rpm -qa | grep -i mysql
rpm -qa | grep -i mariadb
ScottMc
Posts: 32
Joined: Mon Aug 06, 2018 9:35 am

Re: MySQL User-Defined Functions Multiple Vulnerabilities

Post by ScottMc »

Output is below:

Code:

[root@nagios01 ~]# uname -a
Linux nagios01 3.10.0-1160.49.1.el7.x86_64 #1 SMP Tue Nov 30 15:51:32 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux
[root@nagios01 ~]# cat /etc/*release
CentOS Linux release 7.9.2009 (Core)
NAME="CentOS Linux"
VERSION="7 (Core)"
ID="centos"
ID_LIKE="rhel fedora"
VERSION_ID="7"
PRETTY_NAME="CentOS Linux 7 (Core)"
ANSI_COLOR="0;31"
CPE_NAME="cpe:/o:centos:centos:7"
HOME_URL="https://www.centos.org/"
BUG_REPORT_URL="https://bugs.centos.org/"

CENTOS_MANTISBT_PROJECT="CentOS-7"
CENTOS_MANTISBT_PROJECT_VERSION="7"
REDHAT_SUPPORT_PRODUCT="centos"
REDHAT_SUPPORT_PRODUCT_VERSION="7"

CentOS Linux release 7.9.2009 (Core)
CentOS Linux release 7.9.2009 (Core)
[root@nagios01 ~]# rpm -qa | grep -i mysql
php-mysql-5.4.16-48.el7.x86_64
perl-DBD-MySQL-4.023-6.el7.x86_64
[root@nagios01 ~]# rpm -qa | grep -i mariadb
mariadb-5.5.68-1.el7.x86_64
mariadb-devel-5.5.68-1.el7.x86_64
mariadb-server-5.5.68-1.el7.x86_64
mariadb-libs-5.5.68-1.el7.x86_64
[root@nagios01 ~]#
ssax
Dreams In Code
Posts: 7682
Joined: Wed Feb 11, 2015 12:54 pm

Re: MySQL User-Defined Functions Multiple Vulnerabilities

Post by ssax »

Please send us the endpoints that your scanner detected as vulnerable on the system so that we can investigate further.