ID CVE-2006-4226
Summary MySQL before 4.1.21, 5.0 before 5.0.25, and 5.1 before 5.1.12, when run on case-sensitive filesystems, allows remote authenticated users to create or access a database when the database name differs only in case from a database for which they have permissions.
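What the summary describes, as an added model that is not MySQL's code and not part of this entry: a grant lookup that folds case while the filesystem, and therefore the set of database directories, does not. The `ServerModel` class, the `alice`/`appdb`/`APPDB` names and the `patched` switch are assumptions made for the illustration; the only facts taken from the advisory are that the bypass needs a case-sensitive filesystem and that the names differ only in case.

```python
"""Model of the access check behind CVE-2006-4226.

Added illustration, not code from MySQL or from this advisory. It assumes a
minimal server: grants are (user, database) pairs, each database is one
directory under the data directory, and `lower_case_table_names` plus the
filesystem's case sensitivity decide which spellings name the same directory.
"""


class ServerModel:
    def __init__(self, grants, case_sensitive_fs=True,
                 lower_case_table_names=0, patched=False):
        self.grants = set(grants)
        self.case_sensitive_fs = case_sensitive_fs
        self.lctn = lower_case_table_names
        self.patched = patched
        self.datadir = set()  # names of existing database directories

    def _normalize(self, name):
        # With lower_case_table_names=1 the server folds names before use.
        return name.lower() if self.lctn else name

    def _fs_key(self, name):
        # Identity of a directory as the filesystem sees it.
        return name if self.case_sensitive_fs else name.lower()

    def has_db_privilege(self, user, db):
        db = self._normalize(db)
        if self.patched:
            # Fixed behaviour: compare the name exactly as it will be stored.
            return (user, db) in self.grants
        # Vulnerable behaviour: the grant lookup folds case even though the
        # filesystem, and so the set of databases, is case-sensitive.
        return any(u == user and g.lower() == db.lower() for u, g in self.grants)

    def _existing(self, name):
        key = self._fs_key(self._normalize(name))
        for d in self.datadir:
            if self._fs_key(d) == key:
                return d
        return None

    def create_database(self, user, name):
        if not self.has_db_privilege(user, name):
            return "access denied"
        if self._existing(name) is not None:
            return "database exists"
        self.datadir.add(self._normalize(name))
        return "created"

    def use_database(self, user, name):
        if not self.has_db_privilege(user, name):
            return "access denied"
        existing = self._existing(name)
        return "unknown database" if existing is None else "using " + existing


# Constructed scenario: alice holds a grant on `appdb` only.

def cross_case_access(patched):
    """Case-sensitive filesystem, lower_case_table_names=0: `appdb` and
    `APPDB` are different databases owned by different people."""
    srv = ServerModel({("alice", "appdb")}, patched=patched)
    srv.datadir.update({"appdb", "APPDB"})
    return srv.use_database("alice", "APPDB")


def cross_case_create(patched, case_sensitive_fs=True, lower_case_table_names=0):
    """Only `appdb` exists. Can alice create a second database `APPDB`?"""
    srv = ServerModel({("alice", "appdb")}, case_sensitive_fs=case_sensitive_fs,
                      lower_case_table_names=lower_case_table_names,
                      patched=patched)
    srv.datadir.add("appdb")
    return srv.create_database("alice", "APPDB")


if __name__ == "__main__":
    for patched in (False, True):
        label = "patched" if patched else "vulnerable"
        print(label, cross_case_access(patched), cross_case_create(patched))
    print("vulnerable, case-insensitive fs:",
          cross_case_create(False, case_sensitive_fs=False))
```

On a case-insensitive filesystem the same vulnerable lookup buys the attacker nothing, because `APPDB` resolves to the directory already covered by the grant; that is why the advisory scopes the flaw to case-sensitive filesystems. With `lower_case_table_names=1` on a fixed server the request is folded to `appdb` before the check, so alice is simply naming her own database.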
References
Vulnerable Configurations
  • MySQL MySQL 4.0.0
    cpe:2.3:a:mysql:mysql:4.0.0
  • MySQL MySQL 4.0.1
    cpe:2.3:a:mysql:mysql:4.0.1
  • MySQL MySQL 4.0.2
    cpe:2.3:a:mysql:mysql:4.0.2
  • MySQL MySQL 4.0.3
    cpe:2.3:a:mysql:mysql:4.0.3
  • MySQL MySQL 4.0.4
    cpe:2.3:a:mysql:mysql:4.0.4
  • MySQL MySQL 4.0.5
    cpe:2.3:a:mysql:mysql:4.0.5
  • MySQL MySQL 4.0.5a
    cpe:2.3:a:mysql:mysql:4.0.5a
  • MySQL MySQL 4.0.6
    cpe:2.3:a:mysql:mysql:4.0.6
  • MySQL MySQL 4.0.7
    cpe:2.3:a:mysql:mysql:4.0.7
  • MySQL MySQL 4.0.7 gamma
    cpe:2.3:a:mysql:mysql:4.0.7:gamma
  • MySQL MySQL 4.0.8
    cpe:2.3:a:mysql:mysql:4.0.8
  • MySQL MySQL 4.0.8 gamma
    cpe:2.3:a:mysql:mysql:4.0.8:gamma
  • MySQL MySQL 4.0.9
    cpe:2.3:a:mysql:mysql:4.0.9
  • MySQL MySQL 4.0.9 gamma
    cpe:2.3:a:mysql:mysql:4.0.9:gamma
  • MySQL MySQL 4.0.10
    cpe:2.3:a:mysql:mysql:4.0.10
  • MySQL MySQL 4.0.11
    cpe:2.3:a:mysql:mysql:4.0.11
  • MySQL MySQL 4.0.11 gamma
    cpe:2.3:a:mysql:mysql:4.0.11:gamma
  • MySQL MySQL 4.0.12
    cpe:2.3:a:mysql:mysql:4.0.12
  • MySQL MySQL 4.0.13
    cpe:2.3:a:mysql:mysql:4.0.13
  • MySQL MySQL 4.0.14
    cpe:2.3:a:mysql:mysql:4.0.14
  • MySQL MySQL 4.0.15
    cpe:2.3:a:mysql:mysql:4.0.15
  • MySQL MySQL 4.0.16
    cpe:2.3:a:mysql:mysql:4.0.16
  • MySQL MySQL 4.0.17
    cpe:2.3:a:mysql:mysql:4.0.17
  • MySQL MySQL 4.0.18
    cpe:2.3:a:mysql:mysql:4.0.18
  • MySQL MySQL 4.0.19
    cpe:2.3:a:mysql:mysql:4.0.19
  • MySQL MySQL 4.0.20
    cpe:2.3:a:mysql:mysql:4.0.20
  • MySQL MySQL 4.0.21
    cpe:2.3:a:mysql:mysql:4.0.21
  • MySQL MySQL 4.0.23
    cpe:2.3:a:mysql:mysql:4.0.23
  • MySQL MySQL 4.0.24
    cpe:2.3:a:mysql:mysql:4.0.24
  • MySQL MySQL 4.0.25
    cpe:2.3:a:mysql:mysql:4.0.25
  • MySQL MySQL 4.0.26
    cpe:2.3:a:mysql:mysql:4.0.26
  • MySQL MySQL 4.0.27
    cpe:2.3:a:mysql:mysql:4.0.27
  • MySQL MySQL 4.1
    cpe:2.3:a:mysql:mysql:4.1
  • MySQL MySQL 4.1.0
    cpe:2.3:a:mysql:mysql:4.1.0
  • MySQL MySQL 4.1.0 alpha
    cpe:2.3:a:mysql:mysql:4.1.0:alpha
  • MySQL MySQL 4.1.0.0
    cpe:2.3:a:mysql:mysql:4.1.0.0
  • MySQL MySQL 4.1.1
    cpe:2.3:a:mysql:mysql:4.1.1
  • MySQL MySQL 4.1.2
    cpe:2.3:a:mysql:mysql:4.1.2
  • MySQL MySQL 4.1.2 alpha
    cpe:2.3:a:mysql:mysql:4.1.2:alpha
  • MySQL MySQL 4.1.3
    cpe:2.3:a:mysql:mysql:4.1.3
  • MySQL MySQL 4.1.3 beta
    cpe:2.3:a:mysql:mysql:4.1.3:beta
  • MySQL MySQL 4.1.4
    cpe:2.3:a:mysql:mysql:4.1.4
  • MySQL MySQL 4.1.5
    cpe:2.3:a:mysql:mysql:4.1.5
  • MySQL MySQL 4.1.6
    cpe:2.3:a:mysql:mysql:4.1.6
  • MySQL MySQL 4.1.7
    cpe:2.3:a:mysql:mysql:4.1.7
  • MySQL MySQL 4.1.8
    cpe:2.3:a:mysql:mysql:4.1.8
  • MySQL MySQL 4.1.8a
    cpe:2.3:a:mysql:mysql:4.1.8a
  • MySQL MySQL 4.1.9
    cpe:2.3:a:mysql:mysql:4.1.9
  • MySQL MySQL 4.1.10
    cpe:2.3:a:mysql:mysql:4.1.10
  • MySQL MySQL 4.1.10a
    cpe:2.3:a:mysql:mysql:4.1.10a
  • MySQL MySQL 4.1.11
    cpe:2.3:a:mysql:mysql:4.1.11
  • MySQL MySQL 4.1.12
    cpe:2.3:a:mysql:mysql:4.1.12
  • MySQL MySQL 4.1.12a
    cpe:2.3:a:mysql:mysql:4.1.12a
  • MySQL MySQL 4.1.13
    cpe:2.3:a:mysql:mysql:4.1.13
  • MySQL MySQL 4.1.13a
    cpe:2.3:a:mysql:mysql:4.1.13a
  • MySQL MySQL 4.1.14
    cpe:2.3:a:mysql:mysql:4.1.14
  • MySQL MySQL 4.1.14a
    cpe:2.3:a:mysql:mysql:4.1.14a
  • MySQL MySQL 4.1.15
    cpe:2.3:a:mysql:mysql:4.1.15
  • MySQL MySQL 4.1.15a
    cpe:2.3:a:mysql:mysql:4.1.15a
  • MySQL MySQL 4.1.16
    cpe:2.3:a:mysql:mysql:4.1.16
  • MySQL MySQL 4.1.17
    cpe:2.3:a:mysql:mysql:4.1.17
  • MySQL MySQL 4.1.18
    cpe:2.3:a:mysql:mysql:4.1.18
  • MySQL MySQL 4.1.19
    cpe:2.3:a:mysql:mysql:4.1.19
  • MySQL MySQL 4.1.20
    cpe:2.3:a:mysql:mysql:4.1.20
  • MySQL MySQL 4.1.21
    cpe:2.3:a:mysql:mysql:4.1.21
  • MySQL 5.0
    cpe:2.3:a:mysql:mysql:5.0
  • MySQL MySQL 5.0.0
    cpe:2.3:a:mysql:mysql:5.0.0
  • MySQL MySQL 5.0.0 alpha
    cpe:2.3:a:mysql:mysql:5.0.0:alpha
  • MySQL MySQL 5.0.0.0
    cpe:2.3:a:mysql:mysql:5.0.0.0
  • MySQL MySQL 5.0.1
    cpe:2.3:a:mysql:mysql:5.0.1
  • MySQL MySQL 5.0.1a
    cpe:2.3:a:mysql:mysql:5.0.1a
  • MySQL MySQL 5.0.2
    cpe:2.3:a:mysql:mysql:5.0.2
  • MySQL MySQL 5.0.3
    cpe:2.3:a:mysql:mysql:5.0.3
  • MySQL MySQL 5.0.3 Beta
    cpe:2.3:a:mysql:mysql:5.0.3:beta
  • MySQL MySQL 5.0.3a
    cpe:2.3:a:mysql:mysql:5.0.3a
  • MySQL MySQL 5.0.4
    cpe:2.3:a:mysql:mysql:5.0.4
  • MySQL MySQL 5.0.4a
    cpe:2.3:a:mysql:mysql:5.0.4a
  • MySQL MySQL 5.0.5
    cpe:2.3:a:mysql:mysql:5.0.5
  • MySQL MySQL 5.0.5.0.21
    cpe:2.3:a:mysql:mysql:5.0.5.0.21
  • MySQL MySQL 5.0.6
    cpe:2.3:a:mysql:mysql:5.0.6
  • MySQL MySQL 5.0.7
    cpe:2.3:a:mysql:mysql:5.0.7
  • MySQL MySQL 5.0.8
    cpe:2.3:a:mysql:mysql:5.0.8
  • MySQL MySQL 5.0.9
    cpe:2.3:a:mysql:mysql:5.0.9
  • MySQL MySQL 5.0.10
    cpe:2.3:a:mysql:mysql:5.0.10
  • MySQL MySQL 5.0.10a
    cpe:2.3:a:mysql:mysql:5.0.10a
  • MySQL MySQL 5.0.11
    cpe:2.3:a:mysql:mysql:5.0.11
  • MySQL MySQL 5.0.12
    cpe:2.3:a:mysql:mysql:5.0.12
  • MySQL MySQL 5.0.13
    cpe:2.3:a:mysql:mysql:5.0.13
  • MySQL MySQL 5.0.14
    cpe:2.3:a:mysql:mysql:5.0.14
  • MySQL MySQL 5.0.15
    cpe:2.3:a:mysql:mysql:5.0.15
  • MySQL MySQL 5.0.15a
    cpe:2.3:a:mysql:mysql:5.0.15a
  • MySQL MySQL 5.0.16
    cpe:2.3:a:mysql:mysql:5.0.16
  • MySQL MySQL 5.0.16a
    cpe:2.3:a:mysql:mysql:5.0.16a
  • MySQL MySQL 5.0.17
    cpe:2.3:a:mysql:mysql:5.0.17
  • MySQL MySQL 5.0.17a
    cpe:2.3:a:mysql:mysql:5.0.17a
  • MySQL MySQL 5.0.18
    cpe:2.3:a:mysql:mysql:5.0.18
  • MySQL MySQL 5.0.19
    cpe:2.3:a:mysql:mysql:5.0.19
  • MySQL MySQL 5.0.20
    cpe:2.3:a:mysql:mysql:5.0.20
  • MySQL MySQL 5.0.20a
    cpe:2.3:a:mysql:mysql:5.0.20a
  • MySQL MySQL 5.0.21
    cpe:2.3:a:mysql:mysql:5.0.21
  • MySQL MySQL 5.0.22
    cpe:2.3:a:mysql:mysql:5.0.22
  • MySQL MySQL 5.0.22.1.0.1
    cpe:2.3:a:mysql:mysql:5.0.22.1.0.1
  • MySQL 5.1.1
    cpe:2.3:a:mysql:mysql:5.1.1
  • MySQL 5.1.2
    cpe:2.3:a:mysql:mysql:5.1.2
  • MySQL 5.1.3
    cpe:2.3:a:mysql:mysql:5.1.3
  • MySQL 5.1.4
    cpe:2.3:a:mysql:mysql:5.1.4
  • MySQL 5.1.5
    cpe:2.3:a:mysql:mysql:5.1.5
  • MySQL 5.1.6
    cpe:2.3:a:mysql:mysql:5.1.6
  • MySQL 5.1.7
    cpe:2.3:a:mysql:mysql:5.1.7
  • MySQL 5.1.8
    cpe:2.3:a:mysql:mysql:5.1.8
  • MySQL 5.1.9
    cpe:2.3:a:mysql:mysql:5.1.9
  • MySQL 5.1.10
    cpe:2.3:a:mysql:mysql:5.1.10
  • MySQL 5.1.11
    cpe:2.3:a:mysql:mysql:5.1.11
CVSS
Base: 3.6 (as of 21-08-2006 - 09:38)
Impact:
Exploitability:
Access
  Vector: NETWORK
  Complexity: HIGH
  Authentication: SINGLE_INSTANCE
Impact
  Confidentiality: PARTIAL
  Integrity: PARTIAL
  Availability: NONE
nessus via4
  • NASL family SuSE Local Security Checks
    NASL id SUSE_MYSQL-2075.NASL
    description This update of mysql fixes several security vulnerabilities. (CVE-2006-4031,CVE-2006-4226,CVE-2006-4227)
    last seen 2018-09-01
    modified 2018-07-19
    plugin id 27358
    published 2007-10-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=27358
    title openSUSE 10 Security Update : mysql (mysql-2075)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-1169.NASL
    description Several local vulnerabilities have been discovered in the MySQL database server. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2006-4226 Michal Prokopiuk discovered that remote authenticated users are permitted to create and access a database if the lowercase spelling is the same as one they have been granted access to. - CVE-2006-4380 Beat Vontobel discovered that certain queries replicated to a slave could crash the client and thus terminate the replication.
    last seen 2019-02-21
    modified 2018-07-20
    plugin id 22711
    published 2006-10-14
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=22711
    title Debian DSA-1169-1 : mysql-dfsg-4.1 - several vulnerabilities
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2007-0152.NASL
    description From Red Hat Security Advisory 2007:0152 : Updated mysql packages that fix a security flaw are now available for Red Hat Enterprise Linux 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team. MySQL is a multi-user, multi-threaded SQL database server. MySQL is a client/server implementation consisting of a server daemon (mysqld) and many different client programs and libraries. A flaw was found in the way MySQL handled case sensitive database names. A user with the ability to create databases could gain unauthorized access to other databases hosted by the MySQL server. (CVE-2006-4226) This flaw does not affect the version of MySQL distributed with Red Hat Enterprise Linux 2.1, 3, or 5. All users of the MySQL server are advised to upgrade to these updated packages, which contain a backported patch which fixes this issue.
    last seen 2019-02-21
    modified 2018-07-18
    plugin id 67470
    published 2013-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=67470
    title Oracle Linux 4 : mysql (ELSA-2007-0152)
  • NASL family Mandriva Local Security Checks
    NASL id MANDRAKE_MDKSA-2006-149.NASL
    description MySQL 4.1 before 4.1.21 and 5.0 before 5.0.24 allows a local user to access a table through a previously created MERGE table, even after the user's privileges are revoked for the original table, which might violate intended security policy (CVE-2006-4031). The update allows the local admin to override MERGE using the '--skip-merge' option when running mysqld. This can be defined under MYSQLD_OPTIONS in /etc/sysconfig/mysqld. If '--skip-merge' is not used, the old behaviour of MERGE tables is still used. MySQL 4.1 before 4.1.21, 5.0 before 5.0.25, and 5.1 before 5.1.12, when run on case-sensitive filesystems, allows remote authenticated users to create or access a database when the database name differs only in case from a database for which they have permissions (CVE-2006-4226). Packages have been patched to correct these issues.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 23896
    published 2006-12-16
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=23896
    title Mandrake Linux Security Advisory : MySQL (MDKSA-2006:149)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2007-0152.NASL
    description Updated mysql packages that fix a security flaw are now available for Red Hat Enterprise Linux 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team. MySQL is a multi-user, multi-threaded SQL database server. MySQL is a client/server implementation consisting of a server daemon (mysqld) and many different client programs and libraries. A flaw was found in the way MySQL handled case sensitive database names. A user with the ability to create databases could gain unauthorized access to other databases hosted by the MySQL server. (CVE-2006-4226) This flaw does not affect the version of MySQL distributed with Red Hat Enterprise Linux 2.1, 3, or 5. All users of the MySQL server are advised to upgrade to these updated packages, which contain a backported patch which fixes this issue.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 25007
    published 2007-04-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=25007
    title CentOS 4 : mysql (CESA-2007:0152)
  • NASL family MacOS X Local Security Checks
    NASL id MACOSX_10_4_9.NASL
    description The remote host is running a version of Mac OS X 10.4 which is older than version 10.4.9 or a version of Mac OS X 10.3 which does not have Security Update 2007-003 applied. This update contains several security fixes for the following programs : - ColorSync - CoreGraphics - Crash Reporter - CUPS - Disk Images - DS Plugins - Flash Player - GNU Tar - HFS - HID Family - ImageIO - Kernel - MySQL server - Networking - OpenSSH - Printing - QuickDraw Manager - servermgrd - SMB File Server - Software Update - sudo - WebLog
    last seen 2019-02-21
    modified 2018-07-14
    plugin id 24811
    published 2007-03-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=24811
    title Mac OS X < 10.4.9 Multiple Vulnerabilities (Security Update 2007-003)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2007-0152.NASL
    description Updated mysql packages that fix a security flaw are now available for Red Hat Enterprise Linux 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team. MySQL is a multi-user, multi-threaded SQL database server. MySQL is a client/server implementation consisting of a server daemon (mysqld) and many different client programs and libraries. A flaw was found in the way MySQL handled case sensitive database names. A user with the ability to create databases could gain unauthorized access to other databases hosted by the MySQL server. (CVE-2006-4226) This flaw does not affect the version of MySQL distributed with Red Hat Enterprise Linux 2.1, 3, or 5. All users of the MySQL server are advised to upgrade to these updated packages, which contain a backported patch which fixes this issue.
    last seen 2019-02-21
    modified 2018-11-16
    plugin id 24951
    published 2007-04-05
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=24951
    title RHEL 4 : mysql (RHSA-2007:0152)
  • NASL family FreeBSD Local Security Checks
    NASL id FREEBSD_PKG_A0E92718660311DBAB90000E35FD8194.NASL
    description Michal Prokopiuk reports a privilege escalation in MySQL. The vulnerability causes MySQL, when run on case-sensitive filesystems, to allow remote and local authenticated users to create or access a database when the database name differs only in case from a database for which they have permissions.
    last seen 2019-02-21
    modified 2018-11-23
    plugin id 22923
    published 2006-10-30
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=22923
    title FreeBSD : mysql -- database 'case-sensitive' privilege escalation (a0e92718-6603-11db-ab90-000e35fd8194)
  • NASL family Databases
    NASL id MYSQL_5_1_12.NASL
    description The version of MySQL installed on the remote host is earlier than 4.1.21 / 5.0.25 / 5.1.12 and thus reportedly allows a remote user who has access rights on one database to access another database if the names differ only in case.
    last seen 2019-02-21
    modified 2018-07-16
    plugin id 17807
    published 2012-01-16
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=17807
    title MySQL < 4.1.21 / 5.0.25 / 5.1.12 Access Control
  • NASL family SuSE Local Security Checks
    NASL id SUSE_MYSQL-2073.NASL
    description This update of mysql fixes several security vulnerabilities. (CVE-2006-4031 / CVE-2006-4226 / CVE-2006-4227)
    last seen 2018-09-01
    modified 2012-05-17
    plugin id 29524
    published 2007-12-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=29524
    title SuSE 10 Security Update : mysql (ZYPP Patch Number 2073)
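The Databases plugin above (MYSQL_5_1_12) decides from the server version string alone. The following added example, which is neither Tenable's plugin code nor MySQL's, does the same comparison against the thresholds in the summary and adds the package-level check a RHEL 4 administrator needs, because RHSA-2007:0152 backports the fix into mysql-4.1.20-2.RHEL4.1 without changing the reported server version. The `rpmvercmp` here is a simplified reimplementation written for this example, and the sample version strings are constructed.

```python
"""Version check for CVE-2006-4226 with a backport-aware variant.

Added example, not Tenable's plugin code or MySQL's. The upstream thresholds
come from the advisory text (4.1.21 / 5.0.25 / 5.1.12); the RHEL 4 package
threshold comes from RHSA-2007:0152 (mysql-server-4.1.20-2.RHEL4.1). The
rpm comparison below is a simplified rpmvercmp written for this example.
"""
import re

# First fixed release on each affected upstream branch.
FIXED_UPSTREAM = {
    (4, 1): (4, 1, 21),
    (5, 0): (5, 0, 25),
    (5, 1): (5, 1, 12),
}

# First RHEL 4 package carrying the backported fix (version, release).
FIXED_RHEL4 = ("4.1.20", "2.RHEL4.1")


def parse_version(text):
    """Take the leading X.Y.Z from strings such as '5.0.22-log' or
    '4.1.20-standard' as returned by SELECT VERSION()."""
    m = re.match(r"(\d+)\.(\d+)\.(\d+)", text.strip())
    if not m:
        raise ValueError("no X.Y.Z version in %r" % text)
    return tuple(int(g) for g in m.groups())


def is_vulnerable_upstream(version_text):
    """True when the reported server version falls in an affected range."""
    v = parse_version(version_text)
    major, minor = v[0], v[1]
    if major == 4 and minor == 0:
        return True  # every 4.0.x release is listed as affected; no fix shipped
    fixed = FIXED_UPSTREAM.get((major, minor))
    if fixed is None:
        return False  # branch not named by the advisory (3.x, or 5.5 and later)
    return v < fixed


def rpmvercmp(a, b):
    """Simplified rpm version comparison on alternating numeric/alpha
    segments; returns -1, 0 or 1."""
    sa = re.findall(r"\d+|[A-Za-z]+", a)
    sb = re.findall(r"\d+|[A-Za-z]+", b)
    for x, y in zip(sa, sb):
        if x.isdigit() and y.isdigit():
            x, y = int(x), int(y)
        elif x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1  # numeric segment is newer than alpha
        if x != y:
            return 1 if x > y else -1
    return (len(sa) > len(sb)) - (len(sa) < len(sb))


def rhel4_package_is_fixed(version_release):
    """Check an installed RHEL 4 mysql package given 'VERSION-RELEASE', as
    printed by: rpm -q --qf '%{VERSION}-%{RELEASE}' mysql-server"""
    version, release = version_release.split("-", 1)
    c = rpmvercmp(version, FIXED_RHEL4[0])
    if c == 0:
        c = rpmvercmp(release, FIXED_RHEL4[1])
    return c >= 0


if __name__ == "__main__":
    # Constructed sample inputs.
    for v in ("4.1.20-log", "5.0.25", "5.5.40"):
        print(v, "vulnerable" if is_vulnerable_upstream(v) else "not affected")
    pkg = "4.1.20-2.RHEL4.1"
    print(pkg, "fixed" if rhel4_package_is_fixed(pkg) else "vulnerable")
```

Feed the result of `SELECT VERSION()` to `is_vulnerable_upstream`. On RHEL 4, CentOS 4 and Oracle Linux 4 a patched server still reports 4.1.20, so a pure version check produces a false positive there; use the package release with `rhel4_package_is_fixed` instead. The same caveat applies to the other distribution advisories on this page (Debian, Mandriva, SUSE), each of which patches its existing package version rather than rebasing.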
oval via4
accepted 2013-04-29T04:08:10.329-04:00
class vulnerability
contributors
  • name Aharon Chernin
    organization SCAP.com, LLC
  • name Dragos Prisaca
    organization G2, Inc.
definition_extensions
  • comment The operating system installed on the system is Red Hat Enterprise Linux 4
    oval oval:org.mitre.oval:def:11831
  • comment CentOS Linux 4.x
    oval oval:org.mitre.oval:def:16636
  • comment Oracle Linux 4.x
    oval oval:org.mitre.oval:def:15990
description MySQL before 4.1.21, 5.0 before 5.0.25, and 5.1 before 5.1.12, when run on case-sensitive filesystems, allows remote authenticated users to create or access a database when the database name differs only in case from a database for which they have permissions.
family unix
id oval:org.mitre.oval:def:10729
status accepted
submitted 2010-07-09T03:56:16-04:00
title MySQL before 4.1.21, 5.0 before 5.0.25, and 5.1 before 5.1.12, when run on case-sensitive filesystems, allows remote authenticated users to create or access a database when the database name differs only in case from a database for which they have permissions.
version 23
redhat via4
advisories
  • bugzilla
    id 203426
    title CVE-2006-4226 mysql-server create database privilege escalation
    oval
    AND
    • comment Red Hat Enterprise Linux 4 is installed
      oval oval:com.redhat.rhsa:tst:20060016001
    • OR
      • AND
        • comment mysql is earlier than 0:4.1.20-2.RHEL4.1
          oval oval:com.redhat.rhsa:tst:20070152002
        • comment mysql is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20070152003
      • AND
        • comment mysql-bench is earlier than 0:4.1.20-2.RHEL4.1
          oval oval:com.redhat.rhsa:tst:20070152006
        • comment mysql-bench is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20070152007
      • AND
        • comment mysql-devel is earlier than 0:4.1.20-2.RHEL4.1
          oval oval:com.redhat.rhsa:tst:20070152004
        • comment mysql-devel is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20070152005
      • AND
        • comment mysql-server is earlier than 0:4.1.20-2.RHEL4.1
          oval oval:com.redhat.rhsa:tst:20070152008
        • comment mysql-server is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20070152009
    rhsa
    id RHSA-2007:0152
    released 2007-04-03
    severity Moderate
    title RHSA-2007:0152: mysql security update (Moderate)
  • rhsa
    id RHSA-2007:0083
rpms
  • mysql-0:4.1.20-2.RHEL4.1
  • mysql-bench-0:4.1.20-2.RHEL4.1
  • mysql-devel-0:4.1.20-2.RHEL4.1
  • mysql-server-0:4.1.20-2.RHEL4.1
refmap via4
apple APPLE-SA-2007-03-13
bid 19559
cert TA07-072A
confirm
debian DSA-1169
mandriva MDKSA-2006:149
misc http://bugs.mysql.com/bug.php?id=17647
mlist [commits] 20060504 bk commit into 4.1 tree (bar:1.2474)
sectrack 1016710
secunia
  • 21506
  • 21627
  • 21762
  • 22080
  • 24479
  • 24744
suse SUSE-SR:2006:023
vupen
  • ADV-2006-3306
  • ADV-2007-0930
xf mysql-case-privilege-escalation(28448)
statements via4
contributor Mark J Cox
lastmodified 2006-09-19
organization Red Hat
statement Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=203426 The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw. More information regarding issue severity can be found here: http://www.redhat.com/security/updates/classification/ This issue does not affect Red Hat Enterprise Linux 2.1 or 3
Last major update 07-03-2011 - 21:40
Published 18-08-2006 - 16:04
Last modified 10-10-2017 - 21:31