PT-2004-1975 · Mysql Server · Mysql Server

Sergei Golubchik

Published

2004-10-21

Updated

2019-12-17

CVE-2004-0957

CVSS v2.0

6.8

Medium

Vector

AV:N/AC:M/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions: MySQL versions 3.23.58 and earlier

Description: A local user with privileges for a database whose name includes a " " (underscore) can grant privileges to other databases with similar names, allowing unauthorized activities.

Recommendations: For MySQL versions 3.23.58 and earlier, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2004-0957

DSA-707-1

Affected Products

Mysql Server

PT-2004-1975 · Mysql Server · Mysql Server

CVE-2004-0957

Related Identifiers

Affected Products

References · 9