FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

mysql -- erroneous access restrictions applied to table renames

Affected packages
mysql-server <= 3.23.58_3
4.* <= mysql-server < 4.0.21

Details

VuXML ID 035d17b2-484a-11d9-813c-00065be4b5b6
Discovery 2004-03-23
Entry 2004-12-16
Modified 2005-03-15

A Red Hat advisory reports:

Oleksandr Byelkin discovered that "ALTER TABLE ... RENAME" checked the CREATE/INSERT rights of the old table instead of the new one.

Table access restrictions, on the affected MySQL servers, may accidently or intentially be bypassed due to this bug.

References

Bugtraq ID 11357
CVE Name CVE-2004-0835
URL http://bugs.mysql.com/bug.php?id=3270
URL http://rhn.redhat.com/errata/RHSA-2004-611.html
URL http://xforce.iss.net/xforce/xfdb/17666