CVE-2002-1374
CVE-2002-1374
The COM_CHANGE_USER command in MySQL 3.x before 3.23.54, and 4.x before 4.0.6, allows remote attackers to gain privileges via a brute force attack using a one-character password, which causes MySQL to only compare the provided password against the first character of the real password.
Affected products
n/a · n/apublic PoCs found — 1
exploitdbwww.exploit-db.com/exploits/22084unverified⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
Want to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000555http://marc.info/?l=bugtraq&m=103971644013961&w=2http://marc.info/?l=bugtraq&m=104004857201968&w=2http://marc.info/?l=bugtraq&m=104005886114500&w=2http://security.e-matters.de/advisories/042002.htmlhttps://exchange.xforce.ibmcloud.com/vulnerabilities/10847http://www.debian.org/security/2002/dsa-212http://www.linuxsecurity.com/advisories/engarde_advisory-2660.htmlhttp://www.mandrakesoft.com/security/advisories?name=MDKSA-2002:087http://www.novell.com/linux/security/advisories/2003_003_mysql.htmlhttp://www.redhat.com/support/errata/RHSA-2002-288.htmlhttp://www.redhat.com/support/errata/RHSA-2002-289.html