Rapid7 Vulnerability & Exploit Database

ELSA-2007-0152 Moderate: mysql security update

Free InsightVM Trial No credit card necessary

Watch Demo See how it all works

Back to Search

ELSA-2007-0152 Moderate: mysql security update

Severity

CVSS

(AV:N/AC:H/Au:S/C:P/I:P/A:N)

Published

08/18/2006

Created

07/25/2018

Added

12/20/2011

Modified

07/04/2017

Description

MySQL before 4.1.21, 5.0 before 5.0.25, and 5.1 before 5.1.12, when run on case-sensitive filesystems, allows remote authenticated users to create or access a database when the database name differs only in case from a database for which they have permissions.

Solution(s)

oracle-linux-upgrade-mysql
oracle-linux-upgrade-mysql-bench
oracle-linux-upgrade-mysql-devel
oracle-linux-upgrade-mysql-server

References

https://attackerkb.com/topics/cve-2006-4226
APPLE-SA-2007-03-13
19559
TA07-072A
CVE - 2006-4226
DSA-1169
OVAL10729
RHSA-2007:0083
RHSA-2007:0152
http://oss.oracle.com/pipermail/el-errata/2007-April/000112.html
28448

Advanced vulnerability management analytics and reporting.

Key Features

Free InsightVM Trial View All Features

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;