Upstream information

CVE-2002-1374 at MITRE

Description

The COM_CHANGE_USER command in MySQL 3.x before 3.23.54, and 4.x before 4.0.6, allows remote attackers to gain privileges via a brute force attack using a one-character password, which causes MySQL to only compare the provided password against the first character of the real password.

SUSE information

Overall state of this security issue: Resolved

This issue is currently rated as having important severity.

CVSS v2 Scores (National Vulnerability Database)

Base Score: 7.5
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Access Vector: Network
Access Complexity: Low
Authentication: None
Confidentiality Impact: Partial
Integrity Impact: Partial
Availability Impact: Partial

No SUSE Bugzilla entries cross referenced.

No SUSE Security Announcements cross referenced.

List of released packages

Product(s) / Fixed package version(s)

SuSE Linux Enterprise Server 7 for IA32
SuSE Linux Office Server
  • mysql-shared >= 3.23.37-58

SuSE Linux Enterprise Server 8 for IPF
UnitedLinux 1.0
  • mysql-shared >= 3.23.52-36

SuSE Linux Enterprise Server 8 for IBM iSeries and IBM pSeries
  • mysql-shared >= 3.23.52-45

SuSE Linux Enterprise Server 8 for IBM zSeries
  • mysql-shared >= 3.23.52-23

SuSE Linux Openexchange Server 4
UnitedLinux 1.0
  • mysql-shared >= 3.23.52-44

SUSE LINUX Retail Solution 8
SuSE Linux Openexchange Server 4
SuSE Linux School Server for i386
SuSE Linux Standard Server 8
UnitedLinux 1.0
  • mysql >= 3.23.52-44

SuSE Linux Enterprise Server 8 for IPF
UnitedLinux 1.0
  • mysql >= 3.23.52-36

SuSE Linux Enterprise Server 8 for IBM iSeries and IBM pSeries
  • mysql >= 3.23.52-45
  • mysql >= 3.23.52-47

SuSE Linux Enterprise Server 8 for IBM zSeries
  • mysql >= 3.23.52-23

SuSE Linux Enterprise Server 8 for IBM iSeries and IBM pSeries
  • mysql >= 3.23.52-29

SuSE Linux Enterprise Server 8 for IBM zSeries
  • mysql >= 3.23.52-21

SuSE Linux Openexchange Server 4
UnitedLinux 1.0
  • mysql >= 3.23.52-41

SUSE LINUX Retail Solution 8
SuSE Linux Openexchange Server 4
SuSE Linux School Server for i386
SuSE Linux Standard Server 8
UnitedLinux 1.0
  • mysql-client >= 3.23.52-44

SuSE Linux Enterprise Server 8 for IPF
UnitedLinux 1.0
  • mysql-client >= 3.23.52-36

SuSE Linux Enterprise Server 8 for IBM iSeries and IBM pSeries
  • mysql-client >= 3.23.52-45

SuSE Linux Enterprise Server 8 for IBM zSeries
  • mysql-client >= 3.23.52-23

SuSE Linux Enterprise Server 8 for IPF
UnitedLinux 1.0
  • mysql-devel >= 3.23.52-36

SuSE Linux Enterprise Server 8 for IBM iSeries and IBM pSeries
  • mysql-devel >= 3.23.52-45

SuSE Linux Enterprise Server 8 for IBM zSeries
  • mysql-devel >= 3.23.52-23

SuSE Linux Openexchange Server 4
UnitedLinux 1.0
  • mysql-devel >= 3.23.52-44