Back to search

MySQL GRANT Access Weakness

Severity CVSS Published Added Modified
7 (AV:N/AC:M/Au:N/C:P/I:P/A:P) September 06, 2004 December 23, 2004 August 22, 2013

Description

Unknown vulnerability in MySQL 3.23.58 and earlier, when a local user has privileges for a database whose name includes a "_" (underscore), grants privileges to other databases that have similar names, which can allow the user to conduct unauthorized activities.

Free Nexpose Download

Discover, prioritize, and remediate security risks today!

 Download now

References

Solution

  • Oracle MySQL >= 4.0 and < 4.0.21

    Upgrade to Oracle MySQL version 4.0.21

    Download and apply the upgrade from: http://downloads.mysql.com/archives.php

    Please note that individual platforms and OS distributions may provide their own means of upgrading MySQL (via an RPM, for example). These supported upgrade methods should be used if available, instead of building the distribution from scratch.

  • Upgrade to the latest version of Oracle MySQL

    Download and apply the upgrade from: http://dev.mysql.com/downloads/mysql

Related Vulnerabilities