CVE-2001-1275 - Unspecified vulnerability in Oracle Mysql
Attack vector: LOCAL
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: COMPLETE
Integrity impact: COMPLETE
Availability impact: COMPLETE
Summary
MySQL before 3.23.31 allows users with a MySQL account to use the SHOW GRANTS command to obtain the encrypted administrator password from the mysql.user table and possibly gain privileges via password cracking.
Vulnerable Configurations
Nessus
NASL family: Databases
NASL id: MYSQL_FLAWS.NASL
description: The installed version of MySQL is older than version 3.23.36. Such versions are potentially affected by multiple vulnerabilities : - It is possible to modify arbitrary files and gain privileges by creating a database with
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 10626
published: 2001-03-08
reporter: This script is Copyright (C) 2001-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/10626
title: MySQL < 3.23.36 Multiple Vulnerabilities

NASL family: Mandriva Local Security Checks
NASL id: MANDRAKE_MDKSA-2001-014.NASL
description: A security problem exists in all versions of MySQL after 3.23.2 and prior to 3.23.31. The problem is that the SHOW GRANTS command could be executed by any user making it possible for anyone with a MySQL account to get the crypted password from the mysql.user table. The new 3.23.31 version fixes this. Due to library changes, the previously announced PHP update (MDKSA-2001:013) has been updated as well so that the php-mysql module supports this new version of MySQL. It also corrects the upgrade scripts in the package, however you will still need to verify that PHP support is enabled in your /etc/httpd/conf/httpd.conf Apache configuration file and verify that the installed modules are uncommented in your /etc/php.ini file. Update : Previous versions of MySQL also suffered from a buffer overflow problem that has been corrected in the recent releases. This update fixes the buffer overflow problem in the MySQL packages provided with Linux-Mandrake 7.1 and Corporate Server 1.0.1.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 61888
published: 2012-09-06
reporter: This script is Copyright (C) 2012-2019 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/61888
title: Mandrake Linux Security Advisory : MySQL (MDKSA-2001:014-1)
Redhat