CVE-2004-0835
MySQL <3.23.59, <4.0.19, <4.1.2, <5.0.1 - Privilege Escalation
Title source: llmDescription
MySQL 3.x before 3.23.59, 4.x before 4.0.19, 4.1.x before 4.1.2, and 5.x before 5.0.1, checks the CREATE/INSERT rights of the original table instead of the target table in an ALTER TABLE RENAME operation, which could allow attackers to conduct unauthorized activities.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by Oleksandr Byelkin · textremotelinux
https://www.exploit-db.com/exploits/24669
References (16)
Core 16
Core References
Exploit, Vendor Advisory x_refsource_misc
http://bugs.mysql.com/bug.php?id=3270
Vendor Advisory x_refsource_confirm
http://www.mysql.org/doc/refman/4.1/en/news-4-1-2.html
Patch, Vendor Advisory vendor-advisory
x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2004-611.html
Patch, Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/12783/
Patch, Third Party Advisory vendor-advisory
x_refsource_debian
http://www.debian.org/security/2004/dsa-562
Broken Link vendor-advisory
x_refsource_sunalert
http://sunsolve.sun.com/search/document.do?assetkey=1-26-101864-1
Exploit, Patch, Third Party Advisory, VDB Entry, Vendor Advisory vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/11357
Broken Link vendor-advisory
x_refsource_conectiva
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000892
Vendor Advisory x_refsource_confirm
http://www.mysql.org/doc/refman/4.1/en/news-4-0-19.html
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/17666
Patch, Vendor Advisory vendor-advisory
x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2004-597.html
Broken Link third-party-advisory
government-resource
x_refsource_ciac
http://www.ciac.org/ciac/bulletins/p-018.shtml
Patch, Vendor Advisory vendor-advisory
x_refsource_gentoo
http://www.gentoo.org/security/en/glsa/glsa-200410-22.xml
Vendor Advisory vendor-advisory
x_refsource_trustix
http://www.trustix.org/errata/2004/0054/
Vendor Advisory x_refsource_misc
http://lists.mysql.com/internals/13073
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://securitytracker.com/id?1011606
Scores
EPSS
0.0457
EPSS Percentile
89.3%
Details
Status
published
Products (3)
debian/debian_linux
3.0
mysql/mysql
4.1.0 - 4.1.2
oracle/mysql
3.20 - 3.23.59
Published
Nov 03, 2004
Tracked Since
Feb 18, 2026