Remote Code Execution Vulnerability in MySQL Server
CVE-2002-1375

Currently unrated

Key Information:

Vendor: Symantec Veritas
Status: Netbackup Global Data Manager; Netbackup Advanced Reporter; Mysql
Vendor: CVE Published:; 23 December 2002

🔔 Create Symantec Veritas Vulnerability Alert

What is CVE-2002-1375?

The COM_CHANGE_USER command in MySQL versions prior to 3.23.54 and from 4.0.0 to 4.0.6 contains a vulnerability that permits remote attackers to take control of affected systems. By sending a specially crafted response, attackers can execute arbitrary code, jeopardizing the integrity and security of the database server. It is crucial for administrators to apply security updates and patches to mitigate this risk effectively.

References

http://marc.info/?l=bugtraq&m=103971644013961&w=2

mailing-listx_refsource_BUGTRAQ

http://marc.info/?l=bugtraq&m=104005886114500&w=2

mailing-listx_refsource_BUGTRAQ

http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio...

vendor-advisoryx_refsource_CONECTIVA

EPSS Score

15% chance of being exploited in the next 30 days.

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 23, 2002
Vulnerability Reserved
Dec 16, 2002