FreeBSD : mysql -- GRANT access restriction problem (01c231cd-4393-11d9-8bb9-00065be4b5b6)

Medium Nessus Plugin ID 18817


The remote FreeBSD host is missing one or more security-related updates.


When a user is granted access to a database whose name contains an underscore, and the underscore is not escaped, that user might also be able to access other, similarly named databases on the affected system.

The problem is that MySQL treats the underscore as a wildcard, so an admin might accidentally GRANT a user access to multiple databases.
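The following audit sketch is an added example, not part of the plugin or of MySQL. It uses a simplified model of database-level GRANT pattern matching (`_` matches one character, `%` matches any run, a backslash escapes either) to list which existing databases an unescaped grant also reaches. The database names, users and function names are constructed for illustration.

```python
import re

def grant_pattern_to_regex(pattern):
    """Translate a database-level GRANT pattern into a regex (simplified model).
    '_' matches one character, '%' any run; '\\_' and '\\%' are literals."""
    out, i = [], 0
    while i < len(pattern):
        ch = pattern[i]
        if ch == "\\" and i + 1 < len(pattern) and pattern[i + 1] in "_%":
            out.append(re.escape(pattern[i + 1]))  # escaped wildcard: literal
            i += 2
            continue
        if ch == "_":
            out.append(".")
        elif ch == "%":
            out.append(".*")
        else:
            out.append(re.escape(ch))
        i += 1
    return re.compile("".join(out), re.DOTALL)

def databases_reached(pattern, databases):
    """Return the databases a grant pattern applies to, in input order."""
    rx = grant_pattern_to_regex(pattern)
    return [d for d in databases if rx.fullmatch(d)]

def audit(grants, databases):
    """Return (user, pattern, unintended) for each grant whose pattern
    reaches databases other than the one literally named."""
    findings = []
    for user, pattern in grants:
        literal = re.sub(r"\\([_%])", r"\1", pattern)  # the intended name
        extra = [d for d in databases_reached(pattern, databases) if d != literal]
        if extra:
            findings.append((user, pattern, extra))
    return findings

# Constructed sample data (hypothetical names).
DATABASES = ["shop_dev", "shopXdev", "shop-dev", "shop_prod"]
GRANTS = [("alice", "shop_dev"),      # underscore left unescaped
          ("bob", r"shop\_dev")]      # underscore escaped

if __name__ == "__main__":
    for user, pattern, extra in audit(GRANTS, DATABASES):
        print(f"{user}: grant on {pattern!r} also reaches {extra}")
```

Only the unescaped grant is reported; the escaped form is limited to the single database it names.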


Update the affected packages.

Plugin Details

Severity: Medium

ID: 18817

File Name: freebsd_pkg_01c231cd439311d98bb900065be4b5b6.nasl

Version: $Revision: 1.20 $

Type: local

Published: 2005/07/13

Modified: 2015/05/13

Dependencies: 12634

Risk Information

Risk Factor: Medium


Base Score: 6.8

Temporal Score: 5.9

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

Temporal Vector: CVSS2#E:H/RL:OF/RC:C

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:mysql-server, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Exploit Available: true

Exploit Ease: No exploit is required

Patch Publication Date: 2004/12/16

Vulnerability Publication Date: 2004/03/29

Reference Information

CVE: CVE-2004-0957

BID: 11435