CVE Vulnerabilities

CVE-2002-1374

Published: Dec 23, 2002 | Modified: Oct 07, 2019
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
7.5 HIGH
AV:N/AC:L/Au:N/C:P/I:P/A:P
RedHat/V2
RedHat/V3
Ubuntu

The COM_CHANGE_USER command in MySQL 3.x before 3.23.54, and 4.x before 4.0.6, allows remote attackers to gain privileges via a brute force attack using a one-character password, which causes MySQL to only compare the provided password against the first character of the real password.

Affected Software

Name Vendor Start Version End Version
Mysql Oracle 3.22.26 3.22.26
Mysql Oracle 3.22.27 3.22.27
Mysql Oracle 3.22.28 3.22.28
Mysql Oracle 3.22.29 3.22.29
Mysql Oracle 3.22.30 3.22.30
Mysql Oracle 3.22.32 3.22.32
Mysql Oracle 3.23.2 3.23.2
Mysql Oracle 3.23.3 3.23.3
Mysql Oracle 3.23.4 3.23.4
Mysql Oracle 3.23.5 3.23.5
Mysql Oracle 3.23.8 3.23.8
Mysql Oracle 3.23.9 3.23.9
Mysql Oracle 3.23.10 3.23.10
Mysql Oracle 3.23.23 3.23.23
Mysql Oracle 3.23.24 3.23.24
Mysql Oracle 3.23.25 3.23.25
Mysql Oracle 3.23.26 3.23.26
Mysql Oracle 3.23.27 3.23.27
Mysql Oracle 3.23.28 3.23.28
Mysql Oracle 3.23.29 3.23.29
Mysql Oracle 3.23.30 3.23.30
Mysql Oracle 3.23.31 3.23.31
Mysql Oracle 3.23.34 3.23.34
Mysql Oracle 3.23.36 3.23.36
Mysql Oracle 3.23.37 3.23.37
Mysql Oracle 3.23.38 3.23.38
Mysql Oracle 3.23.39 3.23.39
Mysql Oracle 3.23.40 3.23.40
Mysql Oracle 3.23.41 3.23.41
Mysql Oracle 3.23.42 3.23.42
Mysql Oracle 3.23.43 3.23.43
Mysql Oracle 3.23.44 3.23.44
Mysql Oracle 3.23.45 3.23.45
Mysql Oracle 3.23.46 3.23.46
Mysql Oracle 3.23.47 3.23.47
Mysql Oracle 3.23.48 3.23.48
Mysql Oracle 3.23.49 3.23.49
Mysql Oracle 3.23.50 3.23.50
Mysql Oracle 3.23.51 3.23.51
Mysql Oracle 3.23.52 3.23.52
Mysql Oracle 3.23.53 3.23.53
Mysql Oracle 3.23.53a 3.23.53a
Mysql Oracle 4.0.0 4.0.0
Mysql Oracle 4.0.1 4.0.1
Mysql Oracle 4.0.2 4.0.2
Mysql Oracle 4.0.3 4.0.3
Mysql Oracle 4.0.5a 4.0.5a
Netbackup_advanced_reporter Symantec_veritas 3.4 3.4
Netbackup_advanced_reporter Symantec_veritas 4.5 4.5
Netbackup_advanced_reporter Symantec_veritas 4.5_fp1 4.5_fp1
Netbackup_advanced_reporter Symantec_veritas 4.5_fp2 4.5_fp2
Netbackup_advanced_reporter Symantec_veritas 4.5_fp3 4.5_fp3
Netbackup_advanced_reporter Symantec_veritas 4.5_mp1 4.5_mp1
Netbackup_advanced_reporter Symantec_veritas 4.5_mp2 4.5_mp2
Netbackup_advanced_reporter Symantec_veritas 4.5_mp3 4.5_mp3
Netbackup_global_data_manager Symantec_veritas 4.5 4.5
Netbackup_global_data_manager Symantec_veritas 4.5_fp1 4.5_fp1
Netbackup_global_data_manager Symantec_veritas 4.5_fp2 4.5_fp2
Netbackup_global_data_manager Symantec_veritas 4.5_fp3 4.5_fp3
Netbackup_global_data_manager Symantec_veritas 4.5_mp1 4.5_mp1
Netbackup_global_data_manager Symantec_veritas 4.5_mp2 4.5_mp2
Netbackup_global_data_manager Symantec_veritas 4.5_mp3 4.5_mp3

References