CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
---|---|---|
7.7 | $0-$5k | 0.00 |
A vulnerability was found in Sun MySQL 3.23.59/4.0.21 (Database Software). It has been classified as critical. This affects an unknown code of the component Table Rename Handler. The manipulation with the input value ALTER TABLE ... RENAME
leads to a privileges management vulnerability. CWE is classifying the issue as CWE-269. The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor. This is going to have an impact on confidentiality, integrity, and availability. The summary by CVE is:
MySQL 3.x before 3.23.59, 4.x before 4.0.19, 4.1.x before 4.1.2, and 5.x before 5.0.1, checks the CREATE/INSERT rights of the original table instead of the target table in an ALTER TABLE RENAME operation, which could allow attackers to conduct unauthorized activities.
The bug was discovered 10/11/2004. The weakness was shared 10/11/2004 by Oleksandr Byelkin with MySQL Team (Website). It is possible to read the advisory at bugs.mysql.com. This vulnerability is uniquely identified as CVE-2004-0835 since 09/08/2004. It is possible to initiate the attack remotely. No form of authentication is needed for exploitation. Technical details and a exploit are known. The attack technique deployed by this issue is T1068 according to MITRE ATT&CK.
The exploit is shared for download at bugs.mysql.com. It is declared as proof-of-concept. We expect the 0-day to have been worth approximately $25k-$100k. The vulnerability scanner Nessus provides a plugin with the ID 19452 (Solaris 10 (x86) : 120293-02 (deprecated)), which helps to determine the existence of the flaw in a target environment. It is assigned to the family Solaris Local Security Checks and running in the context l. The commercial vulnerability scanner Qualys is able to test this issue with plugin 19104 (MySQL Multiple Local Vulnerabilities).
Upgrading eliminates this vulnerability. Applying a patch is able to eliminate this problem. The bugfix is ready for download at dev.mysql.com. The best possible mitigation is suggested to be upgrading to the latest version. A possible mitigation has been published immediately after the disclosure of the vulnerability.
The vulnerability is also documented in the databases at X-Force (17666) and Tenable (19452). Further details are available at debian.org. The entry 882 is related to this item.
Product
Type
Vendor
Name
Version
License
Support
- end of life
CPE 2.3
CPE 2.2
CVSSv4
VulDB CVSS-B Score: 🔍VulDB CVSS-BT Score: 🔍
VulDB Vector: 🔍
VulDB Reliability: 🔍
CVSSv3
VulDB Meta Base Score: 8.6VulDB Meta Temp Score: 7.7
VulDB Base Score: 8.6
VulDB Temp Score: 7.7
VulDB Vector: 🔍
VulDB Reliability: 🔍
CVSSv2
AV | AC | Au | C | I | A |
---|---|---|---|---|---|
💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
---|---|---|---|---|---|
unlock | unlock | unlock | unlock | unlock | unlock |
unlock | unlock | unlock | unlock | unlock | unlock |
unlock | unlock | unlock | unlock | unlock | unlock |
VulDB Base Score: 🔍
VulDB Temp Score: 🔍
VulDB Reliability: 🔍
NVD Base Score: 🔍
Exploiting
Class: Privileges managementCWE: CWE-269 / CWE-266
CAPEC: 🔍
ATT&CK: 🔍
Local: No
Remote: Yes
Availability: 🔍
Status: Proof-of-Concept
Download: 🔍
EPSS Score: 🔍
EPSS Percentile: 🔍
Price Prediction: 🔍
Current Price Estimation: 🔍
0-Day | unlock | unlock | unlock | unlock |
---|---|---|---|---|
Today | unlock | unlock | unlock | unlock |
Nessus ID: 19452
Nessus Name: Solaris 10 (x86) : 120293-02 (deprecated)
Nessus File: 🔍
Nessus Risk: 🔍
Nessus Family: 🔍
Nessus Context: 🔍
Nessus Port: 🔍
OpenVAS ID: 53251
OpenVAS Name: Debian Security Advisory DSA 562-1 (mysql)
OpenVAS File: 🔍
OpenVAS Family: 🔍
Qualys ID: 🔍
Qualys Name: 🔍
Threat Intelligence
Interest: 🔍Active Actors: 🔍
Active APT Groups: 🔍
Countermeasures
Recommended: UpgradeStatus: 🔍
Reaction Time: 🔍
0-Day Time: 🔍
Exposure Time: 🔍
Patch: dev.mysql.com
Timeline
09/08/2004 🔍10/08/2004 🔍
10/11/2004 🔍
10/11/2004 🔍
10/11/2004 🔍
10/11/2004 🔍
10/11/2004 🔍
10/11/2004 🔍
10/11/2004 🔍
10/13/2004 🔍
10/17/2004 🔍
11/03/2004 🔍
08/18/2005 🔍
06/29/2019 🔍
Sources
Vendor: oracle.comAdvisory: bugs.mysql.com
Researcher: Oleksandr Byelkin
Organization: MySQL Team
Status: Confirmed
Confirmation: 🔍
CVE: CVE-2004-0835 (🔍)
X-Force: 17666 - MySQL ALTER TABLE RENAME bypass restriction, Low Risk
SecurityTracker: 1011606
Vulnerability Center: 5569 - MySQL 3.23.2 - 3.23.58, 4.0.18 Allows Bypassing Security Restrictions via ALTER TABLE RENAME, Medium
SecurityFocus: 11357 - MySQL Multiple Local Vulnerabilities
Secunia: 12783 - MySQL Multiple Vulnerabilities, Less Critical
OSVDB: 10660 - MySQL ALTER TABLE/RENAME Forces Old Permission Checks
Misc.: 🔍
See also: 🔍
Entry
Created: 10/13/2004 12:13Updated: 06/29/2019 15:04
Changes: 10/13/2004 12:13 (106), 06/29/2019 15:04 (1)
Complete: 🔍
No comments yet. Languages: en.
Please log in to comment.