69851 – MySQL Database Unauthorized GRANT Privilege Vulnerability

Bug 69851 - MySQL Database Unauthorized GRANT Privilege Vulnerability

Summary: MySQL Database Unauthorized GRANT Privilege Vulnerability

Status:	RESOLVED DUPLICATE of bug 67062

Alias:	None

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	High normal (vote)
Assignee:	Gentoo Security

URL:	http://www.securityfocus.com/bid/11435
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2004-11-02 09:04 UTC by Robert Muchacki (RETIRED)
Modified:	2005-07-17 13:06 UTC (History)
CC List:	0 users

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Robert Muchacki (RETIRED) gentoo-dev

2004-11-02 09:04:02 UTC

It is reported that MySQL is susceptible to an unauthorized database GRANT privilege vulnerability. This issue is due to a failure of the application to ensure that users have sufficient privileges to issue the GRANT command.

By exploiting this vulnerability, attackers may reportedly be able to gain unauthorized access to databases. This may allow them to read or modify the contents of potentially sensitive databases located on the same database server.

Versions of MySQL prior to 4.0.21 are reported vulnerable to this issue.


Reproducible: Always
Steps to Reproduce:
1.
2.
3.

Comment 1 Thierry Carrez (RETIRED) gentoo-dev

2004-11-02 09:12:21 UTC


*** This bug has been marked as a duplicate of 67062 ***

Comment 2 Rajiv Aaron Manglani (RETIRED) gentoo-dev

2004-11-02 09:14:46 UTC

this has already been fixed. update to >= mysql-4.0.21.

glsa issued as:

http://www.gentoo.org/security/en/glsa/glsa-200410-22.xml


*** This bug has been marked as a duplicate of 67062 ***

*** This bug has been marked as a duplicate of 67062 ***