Vulnerabilities > CVE-2001-0407 - Unspecified vulnerability in Oracle Mysql

CVSS 0.0 - NONE

Attack vector

UNKNOWN

Attack complexity

UNKNOWN

Privileges required

UNKNOWN

Confidentiality impact

UNKNOWN

Integrity impact

UNKNOWN

Availability impact

UNKNOWN

oracle

nessus

exploit available

NVD

Published: 2001-06-27

Updated: 2024-11-20

Summary

Directory traversal vulnerability in MySQL before 3.23.36 allows local users to modify arbitrary files and gain privileges by creating a database whose name starts with .. (dot dot).

Vulnerable Configurations

Part	Description	Count
Application	Oracle Oracle Mysql - Oracle Mysql 1.5.1 Oracle Mysql 3.20 Oracle Mysql 3.20.32A Oracle Mysql 3.21 Oracle Mysql 3.22 Oracle Mysql 3.22.26 Oracle Mysql 3.22.27 Oracle Mysql 3.22.28 Oracle Mysql 3.22.29 Oracle Mysql 3.22.30 Oracle Mysql 3.22.32 Oracle Mysql 3.23 Oracle Mysql 3.23.0 Oracle Mysql 3.23.1 Oracle Mysql 3.23.2 Oracle Mysql 3.23.3 Oracle Mysql 3.23.4 Oracle Mysql 3.23.5 Oracle Mysql 3.23.6 Oracle Mysql 3.23.7 Oracle Mysql 3.23.8 Oracle Mysql 3.23.9 Oracle Mysql 3.23.10 Oracle Mysql 3.23.11 Oracle Mysql 3.23.12 Oracle Mysql 3.23.13 Oracle Mysql 3.23.14 Oracle Mysql 3.23.15 Oracle Mysql 3.23.16 Oracle Mysql 3.23.17 Oracle Mysql 3.23.18 Oracle Mysql 3.23.19 Oracle Mysql 3.23.20 Oracle Mysql 3.23.21 Oracle Mysql 3.23.22 Oracle Mysql 3.23.23 Oracle Mysql 3.23.24 Oracle Mysql 3.23.25 Oracle Mysql 3.23.26 Oracle Mysql 3.23.27 Oracle Mysql 3.23.28 Oracle Mysql 3.23.29 Oracle Mysql 3.23.30 Oracle Mysql 3.23.31 Oracle Mysql 3.23.32 Oracle Mysql 3.23.33 Oracle Mysql 3.23.34 Oracle Mysql 3.23.35 Oracle Mysql 3.23.36	51

Exploit-Db

description	MySQL 3.20.32 a/3.23.34 Root Operation Symbolic Link File Overwriting Vulnerability. CVE-2001-0407 . Local exploit for unix platform
id	EDB-ID:20718
last seen	2016-02-02
modified	2001-03-18
published	2001-03-18
reporter	lesha
source	https://www.exploit-db.com/download/20718/
title	MySQL 3.20.32 a/3.23.34 Root Operation Symbolic Link File Overwriting Vulnerability

Nessus

NASL family	Databases
NASL id	MYSQL_FLAWS.NASL
description	The installed version of MySQL is older than version 3.23.36. Such versions are potentially affected by multiple vulnerabilities : - It is possible to modify arbitrary files and gain privileges by creating a database with
last seen	2020-06-01
modified	2020-06-02
plugin id	10626
published	2001-03-08
reporter	This script is Copyright (C) 2001-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/10626
title	MySQL < 3.23.36 Multiple Vulnerabilities

Summary

Vulnerable Configurations

Exploit-Db

Nessus

References