Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2004-0835

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2004-0835
Last Modified 10 Sep 2008 03:27:59
Published 03 Nov 2004 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2004-0835

Summary

MySQL 3.x before 3.23.59, 4.x before 4.0.19, 4.1.x before 4.1.2, and 5.x before 5.0.1, checks the CREATE/INSERT rights of the original table instead of the target table in an ALTER TABLE RENAME operation, which could allow attackers to conduct unauthorized activities.

Vulnerable Systems

Application

  • Mysql 3.23.59

  • Mysql 4.0.21


References

XF - mysql-alter-restriction-bypass(17666)

BID - 11357

REDHAT - RHSA-2004:611

REDHAT - RHSA-2004:597

GENTOO - GLSA-200410-22

DEBIAN - DSA-562

SECUNIA - 12783

TRUSTIX - 2004-0054

CIAC - P-018

SECTRACK - 1011606

MISC - http://lists.mysql.com/internals/13073

CONECTIVA - CLA-2004:892

MISC - http://bugs.mysql.com/bug.php?id=3270

CONFIRM - http://www.mysql.org/doc/refman/4.1/en/news-4-1-2.html

CONFIRM - http://www.mysql.org/doc/refman/4.1/en/news-4-0-19.html

SUNALERT - 101864


Last Updated: 27 May 2016 10:38:46