mysql -- database "case-sensitive" privilege escalation

ID A0E92718-6603-11DB-AB90-000E35FD8194
Type freebsd
Reporter FreeBSD
Modified 2006-08-09T00:00:00


Michal Prokopiuk reports a privilege escalation in MySQL. The vulnerability causes MySQL, when run on case-sensitive filesystems, to allow remote and local authenticated users to create or access a database when the database name differs only in case from a database for which they have permissions.