CVE-2004-0957

Unknown vulnerability in MySQL 3.23.58 and earlier, when a local user has privileges for a database whose name includes a "_" (underscore), grants privileges to other databases that have similar names, which can allow the user to conduct unauthorized activities.

CVSS v2.0 6.8 MEDIUM

6.8^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:M/Au:N/C:P/I:P/A:P

Exploitability : 8.6 / Impact : 6.4

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000947
http://www.ciac.org/ciac/bulletins/p-018.shtml
http://www.debian.org/security/2005/dsa-707
http://www.mandriva.com/security/advisories?name=MDKSA-2005:070
http://www.redhat.com/support/errata/RHSA-2004-597.html
http://www.redhat.com/support/errata/RHSA-2004-611.html
https://exchange.xforce.ibmcloud.com/vulnerabilities/17783
https://www.ubuntu.com/usn/usn-32-1/

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:openpkg:openpkg:2.1:::::::*
	cpe:2.3:a:openpkg:openpkg:2.2:::::::*
	cpe:2.3:a:openpkg:openpkg:current:::::::*
	cpe:2.3:a:oracle:mysql:3.20:::::::*
	cpe:2.3:a:oracle:mysql:3.20.32a:::::::*
	cpe:2.3:a:oracle:mysql:3.21:::::::*
	cpe:2.3:a:oracle:mysql:3.22:::::::*
	cpe:2.3:a:oracle:mysql:3.22.26:::::::*
	cpe:2.3:a:oracle:mysql:3.22.27:::::::*
	cpe:2.3:a:oracle:mysql:3.22.28:::::::*
	cpe:2.3:a:oracle:mysql:3.22.29:::::::*
	cpe:2.3:a:oracle:mysql:3.22.30:::::::*
	cpe:2.3:a:oracle:mysql:3.22.32:::::::*
	cpe:2.3:a:oracle:mysql:3.23:::::::*
	cpe:2.3:a:oracle:mysql:3.23.2:::::::*
	cpe:2.3:a:oracle:mysql:3.23.3:::::::*
	cpe:2.3:a:oracle:mysql:3.23.4:::::::*
	cpe:2.3:a:oracle:mysql:3.23.5:::::::*
	cpe:2.3:a:oracle:mysql:3.23.8:::::::*
	cpe:2.3:a:oracle:mysql:3.23.9:::::::*
	cpe:2.3:a:oracle:mysql:3.23.10:::::::*
	cpe:2.3:a:oracle:mysql:3.23.22:::::::*
	cpe:2.3:a:oracle:mysql:3.23.23:::::::*
	cpe:2.3:a:oracle:mysql:3.23.24:::::::*
	cpe:2.3:a:oracle:mysql:3.23.25:::::::*
	cpe:2.3:a:oracle:mysql:3.23.26:::::::*
	cpe:2.3:a:oracle:mysql:3.23.27:::::::*
	cpe:2.3:a:oracle:mysql:3.23.28:::::::*
	cpe:2.3:a:oracle:mysql:3.23.28:gamma::::::
	cpe:2.3:a:oracle:mysql:3.23.29:::::::*
	cpe:2.3:a:oracle:mysql:3.23.30:::::::*
	cpe:2.3:a:oracle:mysql:3.23.31:::::::*
	cpe:2.3:a:oracle:mysql:3.23.32:::::::*
	cpe:2.3:a:oracle:mysql:3.23.33:::::::*
	cpe:2.3:a:oracle:mysql:3.23.34:::::::*
	cpe:2.3:a:oracle:mysql:3.23.36:::::::*
	cpe:2.3:a:oracle:mysql:3.23.37:::::::*
	cpe:2.3:a:oracle:mysql:3.23.38:::::::*
	cpe:2.3:a:oracle:mysql:3.23.39:::::::*
	cpe:2.3:a:oracle:mysql:3.23.40:::::::*
	cpe:2.3:a:oracle:mysql:3.23.41:::::::*
	cpe:2.3:a:oracle:mysql:3.23.42:::::::*
	cpe:2.3:a:oracle:mysql:3.23.43:::::::*
	cpe:2.3:a:oracle:mysql:3.23.44:::::::*
	cpe:2.3:a:oracle:mysql:3.23.45:::::::*
	cpe:2.3:a:oracle:mysql:3.23.46:::::::*
	cpe:2.3:a:oracle:mysql:3.23.47:::::::*
	cpe:2.3:a:oracle:mysql:3.23.48:::::::*
	cpe:2.3:a:oracle:mysql:3.23.49:::::::*
	cpe:2.3:a:oracle:mysql:3.23.50:::::::*
	cpe:2.3:a:oracle:mysql:3.23.51:::::::*
	cpe:2.3:a:oracle:mysql:3.23.52:::::::*
	cpe:2.3:a:oracle:mysql:3.23.53:::::::*
	cpe:2.3:a:oracle:mysql:3.23.53a:::::::*
	cpe:2.3:a:oracle:mysql:3.23.54:::::::*
	cpe:2.3:a:oracle:mysql:3.23.54a:::::::*
	cpe:2.3:a:oracle:mysql:3.23.55:::::::*
	cpe:2.3:a:oracle:mysql:3.23.56:::::::*
	cpe:2.3:a:oracle:mysql:3.23.58:::::::*
	cpe:2.3:a:oracle:mysql:3.23.59:::::::*
	cpe:2.3:a:oracle:mysql:4.0.0:::::::*
	cpe:2.3:a:oracle:mysql:4.0.1:::::::*
	cpe:2.3:a:oracle:mysql:4.0.2:::::::*
	cpe:2.3:a:oracle:mysql:4.0.3:::::::*
cpe:2.3:a:oracle:mysql:4.0.4:::::::*
cpe:2.3:a:oracle:mysql:4.0.5:::::::*
cpe:2.3:a:oracle:mysql:4.0.5a:::::::*
cpe:2.3:a:oracle:mysql:4.0.6:::::::*
cpe:2.3:a:oracle:mysql:4.0.7:::::::*
cpe:2.3:a:oracle:mysql:4.0.7:gamma::::::
cpe:2.3:a:oracle:mysql:4.0.8:::::::*
cpe:2.3:a:oracle:mysql:4.0.8:gamma::::::
cpe:2.3:a:oracle:mysql:4.0.9:::::::*
cpe:2.3:a:oracle:mysql:4.0.9:gamma::::::
cpe:2.3:a:oracle:mysql:4.0.10:::::::*
cpe:2.3:a:oracle:mysql:4.0.11:::::::*
cpe:2.3:a:oracle:mysql:4.0.11:gamma::::::
cpe:2.3:a:oracle:mysql:4.0.12:::::::*
cpe:2.3:a:oracle:mysql:4.0.13:::::::*
cpe:2.3:a:oracle:mysql:4.0.14:::::::*
cpe:2.3:a:oracle:mysql:4.0.15:::::::*
cpe:2.3:a:oracle:mysql:4.0.18:::::::*
cpe:2.3:a:oracle:mysql:4.0.20:::::::*

Configuration 2 (hide)

OR	cpe:2.3:o:redhat:enterprise_linux:3.0::advanced_server:::::
	cpe:2.3:o:redhat:enterprise_linux:3.0::enterprise_server:::::
	cpe:2.3:o:redhat:enterprise_linux:3.0::workstation_server:::::
	cpe:2.3:o:redhat:enterprise_linux_desktop:3.0:::::::*
	cpe:2.3:o:suse:suse_linux:8.0:::::::*
	cpe:2.3:o:suse:suse_linux:8.1:::::::*
	cpe:2.3:o:suse:suse_linux:8.2:::::::*
	cpe:2.3:o:suse:suse_linux:9.0:::::::*
	cpe:2.3:o:suse:suse_linux:9.0::x86_64:::::
	cpe:2.3:o:suse:suse_linux:9.1:::::::*
	cpe:2.3:o:suse:suse_linux:9.2:::::::*
	cpe:2.3:o:trustix:secure_linux:1.5:::::::*
	cpe:2.3:o:trustix:secure_linux:2.0:::::::*
	cpe:2.3:o:trustix:secure_linux:2.1:::::::*
	cpe:2.3:o:ubuntu:ubuntu_linux:4.1::ia64:::::
	cpe:2.3:o:ubuntu:ubuntu_linux:4.1::ppc:::::

History

No history.

Information

Published : 2005-02-09 05:00

Updated : 2024-02-28 10:42

NVD link : CVE-2004-0957

Mitre link : CVE-2004-0957

CVE.ORG link : CVE-2004-0957

JSON object : View

Products Affected

redhat

enterprise_linux
enterprise_linux_desktop

suse

suse_linux

ubuntu

ubuntu_linux

oracle

mysql

openpkg

openpkg

trustix

secure_linux

CWE

NVD-CWE-noinfo

6.8 /10