Vulnerability CVE-2004-0835 - CERT Civis.Net

Vulnerability Name:

CVE-2004-0835 (CCN-17666)

Assigned:

2004-10-11

Published:

2004-10-11

Updated:

2019-10-07

Summary:

MySQL 3.x before 3.23.59, 4.x before 4.0.19, 4.1.x before 4.1.2, and 5.x before 5.0.1, checks the CREATE/INSERT rights of the original table instead of the target table in an ALTER TABLE RENAME operation, which could allow attackers to conduct unauthorized activities.

CVSS v3 Severity:

7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): Low Integrity (I): Low Availibility (A): Low

CVSS v2 Severity:

7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Authentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): Partial

7.5 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Athentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): Partial

Vulnerability Type:

Vulnerability Consequences:

Bypass Security

References:

Source: CCN
Type: MySQL Bugs: #3270
ALTER TABLE ... RENAME do not check rights of target table

Source: MISC
Type: Exploit, Vendor Advisory
http://bugs.mysql.com/bug.php?id=3270

Source: MITRE
Type: CNA
CVE-2004-0835

Source: CONECTIVA
Type: Broken Link
CLA-2004:892

Source: CCN
Type: Conectiva Linux Security Announcement CLSA-2004:892
Fixes for several mysql vulnerabilities

Source: MISC
Type: Vendor Advisory
http://lists.mysql.com/internals/13073

Source: CCN
Type: RHSA-2004-597
mysql security update

Source: CCN
Type: RHSA-2004-611
mysql-server security update

Source: CCN
Type: SA12783
MySQL Multiple Vulnerabilities

Source: SECUNIA
Type: Patch, Vendor Advisory
12783

Source: CCN
Type: SECTRACK ID: 1011606
MySQL May Let Remote Authenticated Users Access Restricted Tables or Crash the System

Source: SECTRACK
Type: Third Party Advisory, VDB Entry
1011606

Source: SUNALERT
Type: Broken Link
101864

Source: CCN
Type: Sun Alert ID: 201658
Multiple Security Vulnerabilities in The "MySQL" Package

Source: CCN
Type: CIAC Information Bulletin P-018
Red Hat Update MySQL Packages Fix Security Issues and Bugs

Source: CIAC
Type: Broken Link
P-018

Source: DEBIAN
Type: Patch, Third Party Advisory
DSA-562

Source: DEBIAN
Type: DSA-562
mysql -- several vulnerabilities

Source: CCN
Type: GLSA-200410-22
MySQL: Multiple vulnerabilities

Source: GENTOO
Type: Patch, Vendor Advisory
GLSA-200410-22

Source: CCN
Type: MySQL Web site
MySQL:The World's Most Popular Open Source Database

Source: CONFIRM
Type: Vendor Advisory
http://www.mysql.org/doc/refman/4.1/en/news-4-0-19.html

Source: CONFIRM
Type: Vendor Advisory
http://www.mysql.org/doc/refman/4.1/en/news-4-1-2.html

Source: REDHAT
Type: Patch, Vendor Advisory
RHSA-2004:597

Source: REDHAT
Type: Patch, Vendor Advisory
RHSA-2004:611

Source: BID
Type: Exploit, Patch, Third Party Advisory, VDB Entry, Vendor Advisory
11357

Source: CCN
Type: BID-11357
MySQL Multiple Local Vulnerabilities

Source: CCN
Type: Trustix Secure Linux Security Advisory #2004-0054
Multiple security vulnerabilities

Source: TRUSTIX
Type: Vendor Advisory
2004-0054

Source: CCN
Type: TLSA-2005-23
Multiple vulnerabilities have been discovered in MySQL

Source: XF
Type: Third Party Advisory, VDB Entry
mysql-alter-restriction-bypass(17666)

Source: XF
Type: UNKNOWN
mysql-alter-restriction-bypass(17666)

Source: SUSE
Type: SUSE-SR:2004:001
SUSE Security Summary Report

Vulnerable Configuration:

Configuration 1:

cpe:/a:mysql:mysql:*:*:*:*:*:*:*:* (Version >= 4.1.0 and <= 4.1.2)

OR cpe:/a:mysql:mysql:*:*:*:*:*:*:*:* (Version >= 5.0.0 and <= 5.0.1)

OR cpe:/a:oracle:mysql:*:*:*:*:*:*:*:* (Version > 3.20 and < 3.23.59)

OR cpe:/a:oracle:mysql:*:*:*:*:*:*:*:* (Version >= 4.0.0 and < 4.0.19)

Configuration 2:

cpe:/o:debian:debian_linux:3.0:*:*:*:*:*:*:*

Configuration CCN 1:

cpe:/o:hp:hp-ux:10.20:*:*:*:*:*:*:*

OR cpe:/a:oracle:mysql:3.23.8:*:*:*:*:*:*:*

OR cpe:/a:oracle:mysql:3.23.49:*:*:*:*:*:*:*

OR cpe:/a:oracle:mysql:3.23.54:*:*:*:*:*:*:*

OR cpe:/a:oracle:mysql:4.0.18:*:*:*:*:*:*:*

OR cpe:/a:oracle:mysql:4.0.17:*:*:*:*:*:*:*

OR cpe:/a:oracle:mysql:3.23.10:*:*:*:*:*:*:*

OR cpe:/a:oracle:mysql:3.23.2:*:*:*:*:*:*:*

OR cpe:/a:oracle:mysql:3.23.22:*:*:*:*:*:*:*

OR cpe:/a:oracle:mysql:3.23.23:*:*:*:*:*:*:*

OR cpe:/a:oracle:mysql:3.23.25:*:*:*:*:*:*:*

OR cpe:/a:oracle:mysql:3.23.26:*:*:*:*:*:*:*

OR cpe:/a:oracle:mysql:3.23.27:*:*:*:*:*:*:*

OR cpe:/a:oracle:mysql:3.23.28:*:*:*:*:*:*:*

OR cpe:/a:oracle:mysql:3.23.28:gamma:*:*:*:*:*:*

OR cpe:/a:oracle:mysql:3.23.29:*:*:*:*:*:*:*

OR cpe:/a:oracle:mysql:3.23.3:*:*:*:*:*:*:*

OR cpe:/a:oracle:mysql:3.23.30:*:*:*:*:*:*:*

OR cpe:/a:oracle:mysql:3.23.31:*:*:*:*:*:*:*

OR cpe:/a:oracle:mysql:3.23.32:*:*:*:*:*:*:*

OR cpe:/a:oracle:mysql:3.23.33:*:*:*:*:*:*:*

OR cpe:/a:oracle:mysql:3.23.34:*:*:*:*:*:*:*

OR cpe:/a:oracle:mysql:3.23.36:*:*:*:*:*:*:*

OR cpe:/a:oracle:mysql:3.23.37:*:*:*:*:*:*:*

OR cpe:/a:oracle:mysql:3.23.38:*:*:*:*:*:*:*

OR cpe:/a:oracle:mysql:3.23.39:*:*:*:*:*:*:*

OR cpe:/a:oracle:mysql:3.23.4:*:*:*:*:*:*:*

OR cpe:/a:oracle:mysql:3.23.40:*:*:*:*:*:*:*

OR cpe:/a:oracle:mysql:3.23.41:*:*:*:*:*:*:*

OR cpe:/a:oracle:mysql:3.23.42:*:*:*:*:*:*:*

OR cpe:/a:oracle:mysql:3.23.43:*:*:*:*:*:*:*

OR cpe:/a:oracle:mysql:3.23.44:*:*:*:*:*:*:*

OR cpe:/a:oracle:mysql:3.23.45:*:*:*:*:*:*:*

OR cpe:/a:oracle:mysql:3.23.46:*:*:*:*:*:*:*

OR cpe:/a:oracle:mysql:3.23.47:*:*:*:*:*:*:*

OR cpe:/a:oracle:mysql:3.23.48:*:*:*:*:*:*:*

OR cpe:/a:oracle:mysql:3.23.5:*:*:*:*:*:*:*

OR cpe:/a:oracle:mysql:3.23.50:*:*:*:*:*:*:*

OR cpe:/a:oracle:mysql:3.23.51:*:*:*:*:*:*:*

OR cpe:/a:oracle:mysql:3.23.52:*:*:*:*:*:*:*

OR cpe:/a:oracle:mysql:3.23.53:*:*:*:*:*:*:*

OR cpe:/a:oracle:mysql:3.23.53a:*:*:*:*:*:*:*

OR cpe:/a:oracle:mysql:3.23.54a:*:*:*:*:*:*:*

OR cpe:/a:oracle:mysql:3.23.55:*:*:*:*:*:*:*

OR cpe:/a:oracle:mysql:3.23.56:*:*:*:*:*:*:*

OR cpe:/a:oracle:mysql:3.23.58:*:*:*:*:*:*:*

OR cpe:/a:oracle:mysql:3.23.9:*:*:*:*:*:*:*

OR cpe:/a:oracle:mysql:4.0.0:*:*:*:*:*:*:*

OR cpe:/a:oracle:mysql:4.0.1:*:*:*:*:*:*:*

OR cpe:/a:oracle:mysql:4.0.10:*:*:*:*:*:*:*

OR cpe:/a:oracle:mysql:4.0.11:*:*:*:*:*:*:*

OR cpe:/a:oracle:mysql:4.0.11:gamma:*:*:*:*:*:*

OR cpe:/a:oracle:mysql:4.0.12:*:*:*:*:*:*:*

OR cpe:/a:oracle:mysql:4.0.13:*:*:*:*:*:*:*

OR cpe:/a:oracle:mysql:4.0.14:*:*:*:*:*:*:*

OR cpe:/a:oracle:mysql:4.0.15:*:*:*:*:*:*:*

OR cpe:/a:oracle:mysql:4.1.0:-:*:*:*:*:*:*

OR cpe:/a:oracle:mysql:4.1.1:*:*:*:*:*:*:*

OR cpe:/a:oracle:mysql:4.1.11:*:*:*:*:*:*:*

OR cpe:/a:oracle:mysql:5.0.0:-:*:*:*:*:*:*

OR cpe:/a:oracle:mysql:5.0.0:alpha:*:*:*:*:*:*

AND

cpe:/o:sco:openserver:*:*:*:*:*:*:*:*

OR cpe:/o:sun:solaris:2.6::sparc:*:*:*:*:*

OR cpe:/o:freebsd:freebsd:3.0:*:*:*:*:*:*:*

OR cpe:/o:hp:hp-ux:11.00:*:*:*:*:*:*:*

OR cpe:/o:sgi:irix:6.0:*:*:*:*:*:*:*

OR cpe:/o:netbsd:netbsd:1.3:*:*:*:*:*:*:*

OR cpe:/o:openbsd:openbsd:2.0:*:*:*:*:*:*:*

OR cpe:/o:freebsd:freebsd:2.0:*:*:*:*:*:*:*

OR cpe:/o:ibm:aix:4:*:*:*:*:*:*:*

OR cpe:/o:redhat:linux:7:*:*:*:*:*:*:*

OR cpe:/o:netbsd:netbsd:1.4:*:*:*:*:*:*:*

OR cpe:/o:sun:sunos:4.0:*:*:*:*:*:*:*

OR cpe:/o:trustix:secure_linux:1.5:*:*:*:*:*:*:*

OR cpe:/o:redhat:linux:7.2:*:*:*:*:*:*:*

OR cpe:/o:debian:debian_linux:3.0:*:*:*:*:*:*:*

OR cpe:/o:gentoo:linux:*:*:*:*:*:*:*:*

OR cpe:/o:redhat:linux:8.0:*:*:*:*:*:*:*

OR cpe:/o:sun:sunos:5.7:*:*:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:2.1:*:*:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:2.1:*:as:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:2.1:*:es:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:2.1:*:ws:*:*:*:*:*

OR cpe:/o:redhat:linux:9.0:*:*:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:2.1:*:aw:*:*:*:*:*

OR cpe:/o:conectiva:linux:9.0:*:*:*:*:*:*:*

OR cpe:/o:trustix:secure_linux:2.0:*:*:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux:9.2:*:*:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:3::ws:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:3::es:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:3::as:*:*:*:*:*

OR cpe:/o:fedoraproject:fedora_core:4:*:*:*:*:*:*:*

OR cpe:/o:trustix:secure_linux:2.1:*:*:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux:10.0:*:*:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:3::desktop:*:*:*:*:*

OR cpe:/o:fedoraproject:fedora_core:2:*:*:*:*:*:*:*

OR cpe:/o:conectiva:linux:10:*:*:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux:10.1:*:*:*:*:*:*:*

OR cpe:/o:fedoraproject:fedora_core:3:*:*:*:*:*:*:*

OR cpe:/o:sun:solaris:10::sparc:*:*:*:*:*

OR cpe:/o:sun:solaris:10::x86:*:*:*:*:*

OR cpe:/o:redhat:linux_advanced_workstation:2.1::itanium:*:*:*:*:*

OR cpe:/a:redhat:rhel_extras:3:*:*:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux:10.1::x86-64:*:*:*:*:*

OR cpe:/o:turbolinux:turbolinux:*:*:home:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux:9.2::amd64:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux:10.0::amd64:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:2.1::x86_64:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:20040835	V	CVE-2004-0835	2015-11-16
oval:org.debian:def:562	V	several vulnerabilities	2004-10-11