Upstream information

CVE-2002-1374 at MITRE

Description

The COM_CHANGE_USER command in MySQL 3.x before 3.23.54, and 4.x before 4.0.6, allows remote attackers to gain privileges via a brute force attack using a one-character password, which causes MySQL to only compare the provided password against the first character of the real password.

SUSE information

Overall state of this security issue: Resolved

This issue is currently rated as having important severity.

CVSS v2 Scores (National Vulnerability Database)

Base Score: 7.5
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Access Vector: Network
Access Complexity: Low
Authentication: None
Confidentiality Impact: Partial
Integrity Impact: Partial
Availability Impact: Partial

No SUSE Bugzilla entries cross referenced.

No SUSE Security Announcements cross referenced.

List of released packages

Product(s) Fixed package version(s) References
SuSE Linux Enterprise Server 7 for IA32
SuSE Linux Office Server
  • mysql-shared >= 3.23.37-58
ul1.s390
ul1.ia64
ul1.x86
ul1.ppc
SuSE Linux Enterprise Server 8 for IPF
UnitedLinux 1.0
  • mysql-shared >= 3.23.52-36
ul1.s390
ul1.ia64
ul1.x86
ul1.ppc
SuSE Linux Enterprise Server 8 for IBM iSeries and IBM pSeries
  • mysql-shared >= 3.23.52-45
ul1.s390
ul1.ia64
ul1.x86
ul1.ppc
SuSE Linux Enterprise Server 8 for IBM zSeries
  • mysql-shared >= 3.23.52-23
ul1.s390
ul1.ia64
ul1.x86
ul1.ppc
SuSE Linux Openexchange Server 4
UnitedLinux 1.0
  • mysql-shared >= 3.23.52-44
ul1.s390
ul1.ia64
ul1.x86
ul1.ppc
SUSE LINUX Retail Solution 8
SuSE Linux Openexchange Server 4
SuSE Linux School Server for i386
SuSE Linux Standard Server 8
UnitedLinux 1.0
  • mysql >= 3.23.52-44
ul1.s390
ul1.ia64
ul1.ppc
ul1.x86
ul1.s390x
SuSE Linux Enterprise Server 8 for IPF
UnitedLinux 1.0
  • mysql >= 3.23.52-36
ul1.s390
ul1.ia64
ul1.ppc
ul1.x86
ul1.s390x
SuSE Linux Enterprise Server 8 for IBM iSeries and IBM pSeries
  • mysql >= 3.23.52-45
  • mysql >= 3.23.52-47
ul1.s390
ul1.ia64
ul1.ppc
ul1.x86
ul1.s390x
SuSE Linux Enterprise Server 8 for IBM zSeries
  • mysql >= 3.23.52-23
ul1.s390
ul1.ia64
ul1.ppc
ul1.x86
ul1.s390x
SuSE Linux Enterprise Server 8 for IBM iSeries and IBM pSeries
  • mysql >= 3.23.52-29
ul1.s390
ul1.ppc
ul1.x86
ul1.s390x
SuSE Linux Enterprise Server 8 for IBM zSeries
  • mysql >= 3.23.52-21
ul1.s390
ul1.ppc
ul1.x86
ul1.s390x
SuSE Linux Openexchange Server 4
UnitedLinux 1.0
  • mysql >= 3.23.52-41
ul1.s390
ul1.ppc
ul1.x86
ul1.s390x
SUSE LINUX Retail Solution 8
SuSE Linux Openexchange Server 4
SuSE Linux School Server for i386
SuSE Linux Standard Server 8
UnitedLinux 1.0
  • mysql-client >= 3.23.52-44
ul1.x86
ul1.s390
ul1.s390x
ul1.ppc
ul1.ia64
SuSE Linux Enterprise Server 8 for IPF
UnitedLinux 1.0
  • mysql-client >= 3.23.52-36
ul1.x86
ul1.s390
ul1.s390x
ul1.ppc
ul1.ia64
SuSE Linux Enterprise Server 8 for IBM iSeries and IBM pSeries
  • mysql-client >= 3.23.52-45
ul1.x86
ul1.s390
ul1.s390x
ul1.ppc
ul1.ia64
SuSE Linux Enterprise Server 8 for IBM zSeries
  • mysql-client >= 3.23.52-23
ul1.x86
ul1.s390
ul1.s390x
ul1.ppc
ul1.ia64
SuSE Linux Enterprise Server 8 for IPF
UnitedLinux 1.0
  • mysql-devel >= 3.23.52-36
ul1.s390
ul1.ia64
ul1.ppc
ul1.x86
SuSE Linux Enterprise Server 8 for IBM iSeries and IBM pSeries
  • mysql-devel >= 3.23.52-45
ul1.s390
ul1.ia64
ul1.ppc
ul1.x86
SuSE Linux Enterprise Server 8 for IBM zSeries
  • mysql-devel >= 3.23.52-23
ul1.s390
ul1.ia64
ul1.ppc
ul1.x86
SuSE Linux Openexchange Server 4
UnitedLinux 1.0
  • mysql-devel >= 3.23.52-44
ul1.s390
ul1.ia64
ul1.ppc
ul1.x86