Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
6.8
CVSSv2

CVE-2004-0957

Published: 09/02/2005 Updated: 17/12/2019
CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6
VMScore: 605
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Subscribe to Oracle

Vulnerability Summary

Unknown vulnerability in MySQL 3.23.58 and previous versions, when a local user has privileges for a database whose name includes a "_" (underscore), grants privileges to other databases that have similar names, which can allow the user to conduct unauthorized activities.

Vulnerable Product Search on Vulmon Subscribe to Product

oracle mysql 3.21

oracle mysql 3.22

oracle mysql 3.23

oracle mysql 3.23.10

oracle mysql 3.23.27

oracle mysql 3.23.28

oracle mysql 3.23.34

oracle mysql 3.23.36

oracle mysql 3.23.42

oracle mysql 3.23.43

oracle mysql 3.23.5

oracle mysql 3.23.50

oracle mysql 3.23.56

oracle mysql 3.23.58

oracle mysql 4.0.11

oracle mysql 4.0.20

oracle mysql 4.0.3

oracle mysql 3.22.28

oracle mysql 3.22.29

oracle mysql 3.23.23

oracle mysql 3.23.24

oracle mysql 3.23.3

oracle mysql 3.23.30

oracle mysql 3.23.31

oracle mysql 3.23.39

oracle mysql 3.23.4

oracle mysql 3.23.46

oracle mysql 3.23.47

oracle mysql 3.23.53a

oracle mysql 3.23.54

oracle mysql 3.23.9

oracle mysql 4.0.0

oracle mysql 4.0.14

oracle mysql 4.0.15

oracle mysql 4.0.6

oracle mysql 4.0.7

openpkg openpkg 2.2

openpkg openpkg current

oracle mysql 3.20

oracle mysql 3.20.32a

oracle mysql 3.22.30

oracle mysql 3.22.32

oracle mysql 3.23.25

oracle mysql 3.23.26

oracle mysql 3.23.32

oracle mysql 3.23.33

oracle mysql 3.23.40

oracle mysql 3.23.41

oracle mysql 3.23.48

oracle mysql 3.23.49

oracle mysql 3.23.54a

oracle mysql 3.23.55

oracle mysql 4.0.1

oracle mysql 4.0.10

oracle mysql 4.0.18

oracle mysql 4.0.2

oracle mysql 4.0.8

oracle mysql 4.0.4

oracle mysql 4.0.9

oracle mysql 3.22.26

oracle mysql 3.22.27

oracle mysql 3.23.2

oracle mysql 3.23.22

oracle mysql 3.23.29

oracle mysql 3.23.37

oracle mysql 3.23.38

oracle mysql 3.23.44

oracle mysql 3.23.45

oracle mysql 3.23.51

oracle mysql 3.23.52

oracle mysql 3.23.53

oracle mysql 3.23.59

oracle mysql 3.23.8

oracle mysql 4.0.12

oracle mysql 4.0.13

oracle mysql 4.0.5

oracle mysql 4.0.5a

openpkg openpkg 2.1

suse suse linux 8.1

suse suse linux 8.2

ubuntu ubuntu linux 4.1

redhat enterprise linux 3.0

suse suse linux 9.0

suse suse linux 9.1

suse suse linux 9.2

trustix secure linux 1.5

redhat enterprise linux desktop 3.0

suse suse linux 8.0

trustix secure linux 2.0

trustix secure linux 2.1

Vendor Advisories

Red Hat: mysql-server security update
Synopsis mysql-server security update Type/Severity Security Advisory: Important Topic An updated mysql-server package that fixes various security issues is nowavailable in the Red Hat Enterprise Linux 3 Extras channel of Red Hat Network Description MySQL is a multi-user, multi-threaded SQ ...
Red Hat: mysql security update
Synopsis mysql security update Type/Severity Security Advisory: Important Topic Updated mysql packages that fix various security issues, as well as anumber of bugs, are now available for Red Hat Enterprise Linux 21 Description MySQL is a multi-user, multi-threaded SQL database serverA nu ...
Ubuntu Security Notice: mysql-dfsg vulnerabilities
Several vulnerabilities have been discovered in the MySQL database server ...
Ubuntu Security Notice: mysql-dfsg vulnerability
USN-32-1 fixed a database privilege escalation vulnerability; original advisory text: ...
Debian Security Advisories: DSA-707-1 mysql -- several vulnerabilities
Several vulnerabilities have been discovered in MySQL, a popular database The Common Vulnerabilities and Exposures project identifies the following problems: CAN-2004-0957 Sergei Golubchik discovered a problem in the access handling for similar named databases If a user is granted privileges to a database with a name containing an un ...

References

NVD-CWE-noinfohttp://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000947http://www.debian.org/security/2005/dsa-707http://www.redhat.com/support/errata/RHSA-2004-597.htmlhttp://www.redhat.com/support/errata/RHSA-2004-611.htmlhttp://www.ciac.org/ciac/bulletins/p-018.shtmlhttp://www.mandriva.com/security/advisories?name=MDKSA-2005:070https://www.ubuntu.com/usn/usn-32-1/https://exchange.xforce.ibmcloud.com/vulnerabilities/17783https://access.redhat.com/errata/RHSA-2004:611https://usn.ubuntu.com/32-1/https://nvd.nist.gov
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-26925CVE-2023-41826LFICVE-2022-22364CVE-2024-2887command injectionremote code executionCVE-2024-34446CVE-2022-48699
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook