MySQL GRANT Access Weakness
|7||(AV:N/AC:M/Au:N/C:P/I:P/A:P)||September 06, 2004||December 23, 2004||August 22, 2013|
Unknown vulnerability in MySQL 3.23.58 and earlier, when a local user has privileges for a database whose name includes a "_" (underscore), grants privileges to other databases that have similar names, which can allow the user to conduct unauthorized activities.
Free Nexpose Download
Discover, prioritize, and remediate security risks today!
- CIAC: http://www.ciac.org/ciac/bulletins/P-018.shtml
- CONECTIVA: http://distro.conectiva.com/atualizacoes/?id=a&anuncio=CLA-2005:947
- DEBIAN: http://www.debian.org/security/dsa-707
- MANDRAKE: http://www.mandriva.com/security/advisories?name=MDKSA-2005:070
- REDHAT: http://rhn.redhat.com/errata/RHSA-2004-597.html
- REDHAT: http://rhn.redhat.com/errata/RHSA-2004-611.html
- URL: http://marc.theaimsgroup.com/?l=bugtraq
- URL: http://xforce.iss.net/xforce/xfdb/17783
- XF: http://xforce.iss.net/xforce/xfdb/17783
- Oracle MySQL >= 4.0 and < 4.0.21
Upgrade to Oracle MySQL version 4.0.21
Download and apply the upgrade from: http://downloads.mysql.com/archives.php
Please note that individual platforms and OS distributions may provide their own means of upgrading MySQL (via an RPM, for example). These supported upgrade methods should be used if available, instead of building the distribution from scratch.
- Upgrade to the latest version of Oracle MySQL
Download and apply the upgrade from: http://dev.mysql.com/downloads/mysql