[Forgot Password]
Login  Register Subscribe

30479

 
 

423868

 
 

250038

 
 

909

 
 

195843

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2006-4226Date: (C)2006-08-18   (M)2023-12-22


MySQL before 4.1.21, 5.0 before 5.0.25, and 5.1 before 5.1.12, when run on case-sensitive filesystems, allows remote authenticated users to create or access a database when the database name differs only in case from a database for which they have permissions.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 3.6
Exploit Score: 3.9
Impact Score: 4.9
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: HIGH
Authentication: SINGLE
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: NONE
  
Reference:
SECTRACK-1016710
BID-19559
SECUNIA-21506
SECUNIA-21627
SECUNIA-21762
SECUNIA-22080
SECUNIA-24479
SECUNIA-24744
ADV-2006-3306
ADV-2007-0930
APPLE-SA-2007-03-13
DSA-1169
MDKSA-2006:149
RHSA-2007:0083
RHSA-2007:0152
SUSE-SR:2006:023
TA07-072A
http://lists.mysql.com/commits/5927
http://bugs.mysql.com/bug.php?id=17647
http://dev.mysql.com/doc/refman/5.0/en/news-5-0-25.html
http://docs.info.apple.com/article.html?artnum=305214
mysql-case-privilege-escalation(28448)
oval:org.mitre.oval:def:10729

CPE    21
cpe:/a:mysql:mysql:4.1.14
cpe:/a:mysql:mysql:5.0.10
cpe:/a:mysql:mysql:4.1.15
cpe:/a:mysql:mysql:4.1.0
...

© SecPod Technologies