It is reported that MySQL is susceptible to an unauthorized database GRANT privilege vulnerability. This issue is due to a failure of the application to ensure that users have sufficient privileges to issue the GRANT command. By exploiting this vulnerability, attackers may reportedly be able to gain unauthorized access to databases. This may allow them to read or modify the contents of potentially sensitive databases located on the same database server. Versions of MySQL prior to 4.0.21 are reported vulnerable to this issue. Reproducible: Always Steps to Reproduce: 1. 2. 3.
*** This bug has been marked as a duplicate of 67062 ***
this has already been fixed. update to >= mysql-4.0.21. glsa issued as: http://www.gentoo.org/security/en/glsa/glsa-200410-22.xml *** This bug has been marked as a duplicate of 67062 *** *** This bug has been marked as a duplicate of 67062 ***