CVE-2004-0835

Severity

75%

Complexity

99%

Confidentiality

106%

MySQL 3.x before 3.23.59, 4.x before 4.0.19, 4.1.x before 4.1.2, and 5.x before 5.0.1, checks the CREATE/INSERT rights of the original table instead of the target table in an ALTER TABLE RENAME operation, which could allow attackers to conduct unauthorized activities.

MySQL 3.x before 3.23.59, 4.x before 4.0.19, 4.1.x before 4.1.2, and 5.x before 5.0.1, checks the CREATE/INSERT rights of the original table instead of the target table in an ALTER TABLE RENAME operation, which could allow attackers to conduct unauthorized activities.

CVSS 2.0 Base Score 7.5. CVSS Attack Vector: network. CVSS Attack Complexity: low. CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P).

Overview

First reported 20 years ago

2004-11-03 05:00:00

Last updated 5 years ago

2019-10-07 16:42:00

Affected Software

MySQL MySQL

Oracle MySQL -

Debian Debian Linux 3.0

3.0

References

http://bugs.mysql.com/bug.php?id=3270

Exploit, Vendor Advisory

CLA-2004:892

Broken Link

http://lists.mysql.com/internals/13073

Vendor Advisory

12783

Patch, Vendor Advisory

1011606

Third Party Advisory, VDB Entry

101864

Broken Link

P-018

Broken Link

DSA-562

Patch, Third Party Advisory

GLSA-200410-22

Patch, Vendor Advisory

http://www.mysql.org/doc/refman/4.1/en/news-4-0-19.html

Vendor Advisory

http://www.mysql.org/doc/refman/4.1/en/news-4-1-2.html

Vendor Advisory

RHSA-2004:597

Patch, Vendor Advisory

RHSA-2004:611

Patch, Vendor Advisory

11357

Exploit, Patch, Third Party Advisory, VDB Entry, Vendor Advisory

2004-0054

Vendor Advisory

mysql-alter-restriction-bypass(17666)

Third Party Advisory, VDB Entry

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.