Vulnerability Details CVE-2004-0835
MySQL 3.x before 3.23.59, 4.x before 4.0.19, 4.1.x before 4.1.2, and 5.x before 5.0.1, checks the CREATE/INSERT rights of the original table instead of the target table in an ALTER TABLE RENAME operation, which could allow attackers to conduct unauthorized activities.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.036
EPSS Ranking 87.3%
CVSS Severity
CVSS v2 Score 7.5
References
- http://bugs.mysql.com/bug.php?id=3270
- http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000892
- http://lists.mysql.com/internals/13073
- http://secunia.com/advisories/12783/
- http://securitytracker.com/id?1011606
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-101864-1
- http://www.ciac.org/ciac/bulletins/p-018.shtml
- http://www.debian.org/security/2004/dsa-562
- http://www.gentoo.org/security/en/glsa/glsa-200410-22.xml
- http://www.mysql.org/doc/refman/4.1/en/news-4-0-19.html
- http://www.mysql.org/doc/refman/4.1/en/news-4-1-2.html
- http://www.redhat.com/support/errata/RHSA-2004-597.html
- http://www.redhat.com/support/errata/RHSA-2004-611.html
- http://www.securityfocus.com/bid/11357
- http://www.trustix.org/errata/2004/0054/
- https://exchange.xforce.ibmcloud.com/vulnerabilities/17666
- http://bugs.mysql.com/bug.php?id=3270
- http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000892
- http://lists.mysql.com/internals/13073
- http://secunia.com/advisories/12783/
- http://securitytracker.com/id?1011606
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-101864-1
- http://www.ciac.org/ciac/bulletins/p-018.shtml
- http://www.debian.org/security/2004/dsa-562
- http://www.gentoo.org/security/en/glsa/glsa-200410-22.xml
- http://www.mysql.org/doc/refman/4.1/en/news-4-0-19.html
- http://www.mysql.org/doc/refman/4.1/en/news-4-1-2.html
- http://www.redhat.com/support/errata/RHSA-2004-597.html
- http://www.redhat.com/support/errata/RHSA-2004-611.html
- http://www.securityfocus.com/bid/11357
- http://www.trustix.org/errata/2004/0054/
- https://exchange.xforce.ibmcloud.com/vulnerabilities/17666
Products affected by CVE-2004-0835
-
cpe:2.3:a:mysql:mysql:4.1.0
-
cpe:2.3:a:mysql:mysql:4.1.0.0
-
cpe:2.3:a:mysql:mysql:4.1.1
-
cpe:2.3:a:mysql:mysql:4.1.2
-
cpe:2.3:a:mysql:mysql:5.0.0
-
cpe:2.3:a:mysql:mysql:5.0.0.0
-
cpe:2.3:a:mysql:mysql:5.0.1
-
cpe:2.3:a:oracle:mysql:3.20.32a
-
cpe:2.3:a:oracle:mysql:3.21
-
cpe:2.3:a:oracle:mysql:3.22
-
cpe:2.3:a:oracle:mysql:3.22.26
-
cpe:2.3:a:oracle:mysql:3.22.27
-
cpe:2.3:a:oracle:mysql:3.22.28
-
cpe:2.3:a:oracle:mysql:3.22.29
-
cpe:2.3:a:oracle:mysql:3.22.30
-
cpe:2.3:a:oracle:mysql:3.22.32
-
cpe:2.3:a:oracle:mysql:3.23
-
cpe:2.3:a:oracle:mysql:3.23.0
-
cpe:2.3:a:oracle:mysql:3.23.1
-
cpe:2.3:a:oracle:mysql:3.23.10
-
cpe:2.3:a:oracle:mysql:3.23.11
-
cpe:2.3:a:oracle:mysql:3.23.12
-
cpe:2.3:a:oracle:mysql:3.23.13
-
cpe:2.3:a:oracle:mysql:3.23.14
-
cpe:2.3:a:oracle:mysql:3.23.15
-
cpe:2.3:a:oracle:mysql:3.23.16
-
cpe:2.3:a:oracle:mysql:3.23.17
-
cpe:2.3:a:oracle:mysql:3.23.18
-
cpe:2.3:a:oracle:mysql:3.23.19
-
cpe:2.3:a:oracle:mysql:3.23.2
-
cpe:2.3:a:oracle:mysql:3.23.20
-
cpe:2.3:a:oracle:mysql:3.23.21
-
cpe:2.3:a:oracle:mysql:3.23.22
-
cpe:2.3:a:oracle:mysql:3.23.23
-
cpe:2.3:a:oracle:mysql:3.23.24
-
cpe:2.3:a:oracle:mysql:3.23.25
-
cpe:2.3:a:oracle:mysql:3.23.26
-
cpe:2.3:a:oracle:mysql:3.23.27
-
cpe:2.3:a:oracle:mysql:3.23.28
-
cpe:2.3:a:oracle:mysql:3.23.29
-
cpe:2.3:a:oracle:mysql:3.23.3
-
cpe:2.3:a:oracle:mysql:3.23.30
-
cpe:2.3:a:oracle:mysql:3.23.31
-
cpe:2.3:a:oracle:mysql:3.23.32
-
cpe:2.3:a:oracle:mysql:3.23.33
-
cpe:2.3:a:oracle:mysql:3.23.34
-
cpe:2.3:a:oracle:mysql:3.23.35
-
cpe:2.3:a:oracle:mysql:3.23.36
-
cpe:2.3:a:oracle:mysql:3.23.37
-
cpe:2.3:a:oracle:mysql:3.23.38
-
cpe:2.3:a:oracle:mysql:3.23.39
-
cpe:2.3:a:oracle:mysql:3.23.4
-
cpe:2.3:a:oracle:mysql:3.23.40
-
cpe:2.3:a:oracle:mysql:3.23.41
-
cpe:2.3:a:oracle:mysql:3.23.42
-
cpe:2.3:a:oracle:mysql:3.23.43
-
cpe:2.3:a:oracle:mysql:3.23.44
-
cpe:2.3:a:oracle:mysql:3.23.45
-
cpe:2.3:a:oracle:mysql:3.23.46
-
cpe:2.3:a:oracle:mysql:3.23.47
-
cpe:2.3:a:oracle:mysql:3.23.48
-
cpe:2.3:a:oracle:mysql:3.23.49
-
cpe:2.3:a:oracle:mysql:3.23.5
-
cpe:2.3:a:oracle:mysql:3.23.50
-
cpe:2.3:a:oracle:mysql:3.23.51
-
cpe:2.3:a:oracle:mysql:3.23.52
-
cpe:2.3:a:oracle:mysql:3.23.53
-
cpe:2.3:a:oracle:mysql:3.23.53a
-
cpe:2.3:a:oracle:mysql:3.23.54
-
cpe:2.3:a:oracle:mysql:3.23.54a
-
cpe:2.3:a:oracle:mysql:3.23.55
-
cpe:2.3:a:oracle:mysql:3.23.56
-
cpe:2.3:a:oracle:mysql:3.23.57
-
cpe:2.3:a:oracle:mysql:3.23.58
-
cpe:2.3:a:oracle:mysql:3.23.6
-
cpe:2.3:a:oracle:mysql:3.23.7
-
cpe:2.3:a:oracle:mysql:3.23.8
-
cpe:2.3:a:oracle:mysql:3.23.9
-
cpe:2.3:a:oracle:mysql:4.0.0
-
cpe:2.3:a:oracle:mysql:4.0.1
-
cpe:2.3:a:oracle:mysql:4.0.10
-
cpe:2.3:a:oracle:mysql:4.0.11
-
cpe:2.3:a:oracle:mysql:4.0.12
-
cpe:2.3:a:oracle:mysql:4.0.13
-
cpe:2.3:a:oracle:mysql:4.0.14
-
cpe:2.3:a:oracle:mysql:4.0.15
-
cpe:2.3:a:oracle:mysql:4.0.16
-
cpe:2.3:a:oracle:mysql:4.0.17
-
cpe:2.3:a:oracle:mysql:4.0.18
-
cpe:2.3:a:oracle:mysql:4.0.2
-
cpe:2.3:a:oracle:mysql:4.0.3
-
cpe:2.3:a:oracle:mysql:4.0.4
-
cpe:2.3:a:oracle:mysql:4.0.5
-
cpe:2.3:a:oracle:mysql:4.0.5a
-
cpe:2.3:a:oracle:mysql:4.0.6
-
cpe:2.3:a:oracle:mysql:4.0.7
-
cpe:2.3:a:oracle:mysql:4.0.8
-
cpe:2.3:a:oracle:mysql:4.0.9
-
cpe:2.3:o:debian:debian_linux:3.0