mysql-dfsg-4.1 - several

2006-09-0500:00:00

Google

osv.dev

3.6 Low

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:H/Au:S/C:P/I:P/A:N

JSON

Several local vulnerabilities have been discovered in the MySQL
database server. The Common Vulnerabilities and Exposures project
identifies the following problems:

CVE-2006-4226
Michal Prokopiuk discovered that remote authenticated users are
permitted to create and access a database if the lowercase
spelling is the same as one they have been granted access to.
CVE-2006-4380
Beat Vontobel discovered that certain queries replicated to a
slave could crash the client and thus terminate the replication.

For the stable distribution (sarge) these problems have been fixed in
version 4.1.11a-4sarge7. Version 4.0 is not affected by these
problems.

For the unstable distribution (sid) these problems have been fixed in
version 5.0.24-3. The replication problem only exists in version 4.1.

We recommend that you upgrade your mysql-server-4.1 package.

CPENameOperatorVersion
mysql-dfsg-4.1eq4.1.11a-4sarge1
mysql-dfsg-4.1eq4.1.11a-4sarge2
mysql-dfsg-4.1eq4.1.11a-4
mysql-dfsg-4.1eq4.1.11a-4sarge4
mysql-dfsg-4.1eq4.1.11a-4sarge5
mysql-dfsg-4.1eq4.1.11a-4sarge3

Name	Operator	Version
mysql-dfsg-4.1	eq	4.1.11a-4sarge1
mysql-dfsg-4.1	eq	4.1.11a-4sarge2
mysql-dfsg-4.1	eq	4.1.11a-4
mysql-dfsg-4.1	eq	4.1.11a-4sarge4
mysql-dfsg-4.1	eq	4.1.11a-4sarge5
mysql-dfsg-4.1	eq	4.1.11a-4sarge3