MySQL Privilege Escalation via COM_CHANGE_USER Command
CVE-2002-1374

Currently unrated

Key Information:

Vendor

Symantec Veritas

Status
Netbackup Global Data Manager
Netbackup Advanced Reporter
Mysql
Vendor
CVE Published:
23 December 2002

What is CVE-2002-1374?

The COM_CHANGE_USER command in certain MySQL versions is susceptible to exploitation through brute force methods. Attackers can manipulate the command using a one-character password, which results in MySQL only verifying the first character of the real password. This flaw may allow unauthorized users to gain elevated privileges, posing a serious security risk for database operations.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

http://marc.info/?l=bugtraq&m=103971644013961&w=2
mailing-listx_refsource_BUGTRAQ
http://marc.info/?l=bugtraq&m=104005886114500&w=2
mailing-listx_refsource_BUGTRAQ
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio...
vendor-advisoryx_refsource_CONECTIVA

EPSS Score

25% chance of being exploited in the next 30 days.

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.