MySQL Privilege Escalation via COM_CHANGE_USER Command
CVE-2002-1374

Currently unrated

Key Information:

Vendor
Symantec Veritas
Status
Netbackup Global Data Manager
Netbackup Advanced Reporter
Mysql
Vendor
CVE Published:
23 December 2002

Summary

The COM_CHANGE_USER command in certain MySQL versions is susceptible to exploitation through brute force methods. Attackers can manipulate the command using a one-character password, which results in MySQL only verifying the first character of the real password. This flaw may allow unauthorized users to gain elevated privileges, posing a serious security risk for database operations.

References

http://marc.info/?l=bugtraq&m=103971644013961&w=2
mailing-listx_refsource_BUGTRAQ
http://marc.info/?l=bugtraq&m=104005886114500&w=2
mailing-listx_refsource_BUGTRAQ
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio...
vendor-advisoryx_refsource_CONECTIVA

EPSS Score

25% chance of being exploited in the next 30 days.

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2002-1374 : MySQL Privilege Escalation via COM_CHANGE_USER Command | SecurityVulnerability.io