Summary
The remote host is missing an update to the system as announced in the referenced advisory.
Solution
Update your system with the appropriate patches or software upgrades.
http://bugs.mysql.com/bug.php?id=3933
http://rhn.redhat.com/errata/RHSA-2004-611.html
http://www.openpkg.org/security/OpenPKG-SA-2004.045-mysql.html http://www.vuxml.org/freebsd/01c231cd-4393-11d9-8bb9-00065be4b5b6.html
Insight
The following package is affected: mysql-server
CVE-2004-0957
Unknown vulnerability in MySQL 3.23.58 and earlier, when a local user has privileges for a database whose name includes a '_' (underscore), grants privileges to other databases that have similar names, which can allow the user to conduct unauthorized activities.
Severity
Classification
-
CVE CVE-2004-0957 -
CVSS Base Score: 6.8
AV:N/AC:M/Au:N/C:P/I:P/A:P
Related Vulnerabilities