FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

mysql -- database "case-sensitive" privilege escalation

Affected packages
5.1 <= mysql-server < 5.1.12
5.0 <= mysql-server < 5.0.25
mysql-server < 4.1.21

Details

VuXML ID a0e92718-6603-11db-ab90-000e35fd8194
Discovery 2006-08-09
Entry 2006-10-29

Michal Prokopiuk reports a privilege escalation in MySQL. The vulnerability causes MySQL, when run on case-sensitive filesystems, to allow remote and local authenticated users to create or access a database when the database name differs only in case from a database for which they have permissions.

References

Bugtraq ID 19559
CVE Name CVE-2006-4226
URL http://bugs.mysql.com/bug.php?id=17647