Bug 69851

Summary: MySQL Database Unauthorized GRANT Privilege Vulnerability
Product: Gentoo Security Reporter: Robert Muchacki (RETIRED) <muchar>
Component: Vulnerabilities Assignee: Gentoo Security <security>
Status: RESOLVED DUPLICATE    
Severity: normal    
Priority: High    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: http://www.securityfocus.com/bid/11435

Description Robert Muchacki (RETIRED) gentoo-dev 2004-11-02 09:04:02 UTC
It is reported that MySQL is susceptible to an unauthorized database GRANT privilege vulnerability. This issue is due to a failure of the application to ensure that users have sufficient privileges to issue the GRANT command.

By exploiting this vulnerability, attackers may reportedly be able to gain unauthorized access to databases. This may allow them to read or modify the contents of potentially sensitive databases located on the same database server.

Versions of MySQL prior to 4.0.21 are reported vulnerable to this issue.


Reproducible: Always
Comment 1 Thierry Carrez (RETIRED) gentoo-dev 2004-11-02 09:12:21 UTC

*** This bug has been marked as a duplicate of 67062 ***
Comment 2 Rajiv Aaron Manglani (RETIRED) gentoo-dev 2004-11-02 09:14:46 UTC
this has already been fixed. update to >= mysql-4.0.21.

glsa issued as:

http://www.gentoo.org/security/en/glsa/glsa-200410-22.xml


*** This bug has been marked as a duplicate of 67062 ***
