CVE-2004-0835

high

Description

MySQL 3.x before 3.23.59, 4.x before 4.0.19, 4.1.x before 4.1.2, and 5.x before 5.0.1, checks the CREATE/INSERT rights of the original table instead of the target table in an ALTER TABLE RENAME operation, which could allow attackers to conduct unauthorized activities.

References

http://bugs.mysql.com/bug.php?id=3270

http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000892

http://lists.mysql.com/internals/13073

http://secunia.com/advisories/12783/

http://securitytracker.com/id?1011606

http://sunsolve.sun.com/search/document.do?assetkey=1-26-101864-1

http://www.ciac.org/ciac/bulletins/p-018.shtml

http://www.debian.org/security/2004/dsa-562

http://www.gentoo.org/security/en/glsa/glsa-200410-22.xml

http://www.mysql.org/doc/refman/4.1/en/news-4-0-19.html

http://www.mysql.org/doc/refman/4.1/en/news-4-1-2.html

http://www.redhat.com/support/errata/RHSA-2004-597.html

http://www.redhat.com/support/errata/RHSA-2004-611.html

http://www.securityfocus.com/bid/11357

http://www.trustix.org/errata/2004/0054/

https://exchange.xforce.ibmcloud.com/vulnerabilities/17666

Details

Source: MITRE

Published: 2004-11-03

Updated: 2019-10-07

Risk Information

CVSS v2

Base Score: 7.5

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Impact Score: 6.4

Exploitability Score: 10

Severity: HIGH

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:mysql:mysql:*:*:*:*:*:*:*:* versions from 4.1.0 to 4.1.2 (inclusive)

cpe:2.3:a:mysql:mysql:*:*:*:*:*:*:*:* versions from 5.0.0 to 5.0.1 (inclusive)

cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*

Configuration 2

OR

cpe:2.3:o:debian:debian_linux:3.0:*:*:*:*:*:*:*

Tenable Plugins

| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 107863 | Solaris 10 (x86) : 120293-02 | Nessus | Solaris Local Security Checks | high |
| 107361 | Solaris 10 (sparc) : 120292-02 | Nessus | Solaris Local Security Checks | high |
| 19452 | Solaris 10 (x86) : 120293-02 (deprecated) | Nessus | Solaris Local Security Checks | high |
| 19447 | Solaris 10 (sparc) : 120292-02 (deprecated) | Nessus | Solaris Local Security Checks | high |
| 18823 | FreeBSD : mysql -- erroneous access restrictions applied to table renames (035d17b2-484a-11d9-813c-00065be4b5b6) | Nessus | FreeBSD Local Security Checks | high |
| 15660 | Debian DSA-562-1 : mysql - several vulnerabilities | Nessus | Debian Local Security Checks | critical |
| 15631 | RHEL 3 : mysql-server (RHSA-2004:611) | Nessus | Red Hat Local Security Checks | critical |
| 15599 | Mandrake Linux Security Advisory : MySQL (MDKSA-2004:119) | Nessus | Mandriva Local Security Checks | critical |
| 15558 | GLSA-200410-22 : MySQL: Multiple vulnerabilities | Nessus | Gentoo Local Security Checks | critical |
| 15536 | RHEL 2.1 : mysql (RHSA-2004:597) | Nessus | Red Hat Local Security Checks | critical |
| 2362 | Oracle MySQL < 4.0.21 Multiple Vulnerabilities (2) | Nessus Network Monitor | Database | high |
| 2361 | Oracle MySQL < 3.23.59 Multiple Vulnerabilities (2) | Nessus Network Monitor | Database | high |
| 15449 | MySQL < 3.23.59 / 4.0.21 Multiple Vulnerabilities | Nessus | Databases | high |
| 2129 | Oracle MySQL Mysqlhotcopy Script Insecure Temporary File Creation | Nessus Network Monitor | Database | high |
| 801162 | MySQL Mysqlhotcopy Script Insecure Temporary File Creation | Log Correlation Engine | Database | medium |
| 801151 | MySQL < 3.23.59 Multiple Vulnerabilities (2) | Log Correlation Engine | Database | high |
| 801124 | MySQL < 4.0.21 Multiple Vulnerabilities (2) | Log Correlation Engine | Database | high |