Description
Unknown vulnerability in MySQL 3.23.58 and earlier, when a local user has privileges for a database whose name includes a "_" (underscore), grants privileges to other databases that have similar names, which can allow the user to conduct unauthorized activities.
References (8)
Core 8
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/17783
Vendor Advisory vendor-advisory
x_refsource_conectiva
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000947
Vendor Advisory vendor-advisory
x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2004-611.html
Third Party Advisory vendor-advisory
x_refsource_debian
http://www.debian.org/security/2005/dsa-707
Vendor Advisory vendor-advisory
x_refsource_mandrake
http://www.mandriva.com/security/advisories?name=MDKSA-2005:070
Vendor Advisory vendor-advisory
x_refsource_ubuntu
https://www.ubuntu.com/usn/usn-32-1/
Vendor Advisory vendor-advisory
x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2004-597.html
Third Party Advisory, US Government Resource third-party-advisory
government-resource
x_refsource_ciac
http://www.ciac.org/ciac/bulletins/p-018.shtml
Scores
EPSS
0.0048
EPSS Percentile
65.2%
Details
Status
published
Products (49)
openpkg/openpkg
2.1
openpkg/openpkg
2.2
openpkg/openpkg
current
oracle/mysql
3.20
oracle/mysql
3.20.32a
oracle/mysql
3.21
oracle/mysql
3.22
oracle/mysql
3.22.26
oracle/mysql
3.22.27
oracle/mysql
3.22.28
... and 39 more
Published
Feb 09, 2005
Tracked Since
Feb 18, 2026