[Forgot Password]
Login  Register Subscribe

30480

 
 

423868

 
 

254202

 
 

909

 
 

198060

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2004-0835Date: (C)2004-11-03   (M)2023-12-22


MySQL 3.x before 3.23.59, 4.x before 4.0.19, 4.1.x before 4.1.2, and 5.x before 5.0.1, checks the CREATE/INSERT rights of the original table instead of the target table in an ALTER TABLE RENAME operation, which could allow attackers to conduct unauthorized activities.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 7.5
Exploit Score: 10.0
Impact Score: 6.4
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL
  
Reference:
SECTRACK-1011606
SUNALERT-101864
BID-11357
SECUNIA-12783
2004-0054
CLA-2004:892
DSA-562
GLSA-200410-22
P-018
RHSA-2004:597
RHSA-2004:611
http://bugs.mysql.com/bug.php?id=3270
http://lists.mysql.com/internals/13073
http://www.mysql.org/doc/refman/4.1/en/news-4-0-19.html
http://www.mysql.org/doc/refman/4.1/en/news-4-1-2.html
mysql-alter-restriction-bypass(17666)

CPE    3
cpe:/a:mysql:mysql
cpe:/a:oracle:mysql
cpe:/o:debian:debian_linux:3.0

© SecPod Technologies