FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

mysql -- erroneous access restrictions applied to table renames

Affected packages
mysql-server <= 3.23.58_3
4.* <= mysql-server < 4.0.21

Details

VuXML ID 035d17b2-484a-11d9-813c-00065be4b5b6
Discovery 2004-03-23
Entry 2004-12-16
Modified 2005-03-15

A Red Hat advisory reports:

Oleksandr Byelkin discovered that "ALTER TABLE ... RENAME" checked the CREATE/INSERT rights of the old table instead of the new one.

[source]

Table access restrictions, on the affected MySQL servers, may accidently or intentially be bypassed due to this bug.

References

Bugtraq ID 11357
CVE Name CVE-2004-0835
URL http://bugs.mysql.com/bug.php?id=3270
URL http://rhn.redhat.com/errata/RHSA-2004-611.html
URL http://xforce.iss.net/xforce/xfdb/17666

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.