MySQL before 4.1.21, 5.0 before 5.0.25, and 5.1 before 5.1.12, when run on case-sensitive filesystems, allows remote authenticated users to create or access a database when the database name differs only in case from a database for which they have permissions.

Metrics

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity High

Authentication Single

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact None

This CVE is not in the KEV list.

The EPSS score is 0.00806.

Key SSVC decision points have not yet been added.

Affected Vendors & Products

Vendors Products
Mysql Subscribe
Mysql Subscribe
Oracle Subscribe
Mysql Subscribe
Redhat Subscribe
Enterprise Linux Subscribe
Rhel Application Stack Subscribe

Configuration 1 [-]

OR cpe:2.3:a:mysql:mysql:4.1.0:*:*:*:*:*:*:*
cpe:2.3:a:mysql:mysql:4.1.2:*:*:*:*:*:*:*
cpe:2.3:a:mysql:mysql:4.1.3:*:*:*:*:*:*:*
cpe:2.3:a:mysql:mysql:4.1.8:*:*:*:*:*:*:*
cpe:2.3:a:mysql:mysql:4.1.10:*:*:*:*:*:*:*
cpe:2.3:a:mysql:mysql:4.1.12:*:*:*:*:*:*:*
cpe:2.3:a:mysql:mysql:4.1.13:*:*:*:*:*:*:*
cpe:2.3:a:mysql:mysql:4.1.14:*:*:*:*:*:*:*
cpe:2.3:a:mysql:mysql:4.1.15:*:*:*:*:*:*:*
cpe:2.3:a:mysql:mysql:5.0.0:*:*:*:*:*:*:*
cpe:2.3:a:mysql:mysql:5.0.1:*:*:*:*:*:*:*
cpe:2.3:a:mysql:mysql:5.0.2:*:*:*:*:*:*:*
cpe:2.3:a:mysql:mysql:5.0.3:*:*:*:*:*:*:*
cpe:2.3:a:mysql:mysql:5.0.4:*:*:*:*:*:*:*
cpe:2.3:a:mysql:mysql:5.0.5:*:*:*:*:*:*:*
cpe:2.3:a:mysql:mysql:5.0.5.0.21:*:*:*:*:*:*:*
cpe:2.3:a:mysql:mysql:5.0.10:*:*:*:*:*:*:*
cpe:2.3:a:mysql:mysql:5.0.15:*:*:*:*:*:*:*
cpe:2.3:a:mysql:mysql:5.0.16:*:*:*:*:*:*:*
cpe:2.3:a:mysql:mysql:5.0.17:*:*:*:*:*:*:*
cpe:2.3:a:mysql:mysql:5.0.20:*:*:*:*:*:*:*
cpe:2.3:a:mysql:mysql:5.0.22.1.0.1:*:*:*:*:*:*:*
cpe:2.3:a:mysql:mysql:5.1.5:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql:4.0.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql:4.0.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql:4.0.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql:4.0.3:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql:4.0.4:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql:4.0.5:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql:4.0.5a:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql:4.0.6:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql:4.0.7:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql:4.0.7:gamma:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql:4.0.8:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql:4.0.8:gamma:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql:4.0.9:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql:4.0.9:gamma:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql:4.0.10:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql:4.0.11:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql:4.0.11:gamma:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql:4.0.12:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql:4.0.13:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql:4.0.14:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql:4.0.15:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql:4.0.16:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql:4.0.17:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql:4.0.18:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql:4.0.19:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql:4.0.20:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql:4.0.21:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql:4.0.23:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql:4.0.24:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql:4.0.25:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql:4.0.26:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql:4.0.27:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql:4.1.0:alpha:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql:4.1.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql:4.1.2:alpha:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql:4.1.3:beta:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql:4.1.4:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql:4.1.5:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql:4.1.6:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql:4.1.7:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql:4.1.9:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql:4.1.11:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql:4.1.16:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql:4.1.17:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql:4.1.18:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql:4.1.19:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql:4.1.20:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql:4.1.21:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql:5.0.0:alpha:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql:5.0.3:beta:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql:5.0.6:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql:5.0.7:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql:5.0.8:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql:5.0.9:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql:5.0.11:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql:5.0.12:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql:5.0.13:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql:5.0.14:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql:5.0.18:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql:5.0.19:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql:5.0.21:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql:5.0.22:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql:5.1.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql:5.1.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql:5.1.3:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql:5.1.4:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql:5.1.6:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql:5.1.7:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql:5.1.8:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql:5.1.9:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql:5.1.10:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql:5.1.11:*:*:*:*:*:*:*
Package CPE Advisory Released Date
Red Hat Enterprise Linux 4
mysql-0:4.1.20-2.RHEL4.1 cpe:/o:redhat:enterprise_linux:4 RHSA-2007:0152 2007-04-03T00:00:00Z
Red Hat Web Application Stack for RHEL 4
mysql-0:5.0.30-1.el4s1.1 cpe:/a:redhat:rhel_application_stack:1 RHSA-2007:0083 2007-02-19T00:00:00Z

No data.

Advisories
Source ID Title
Debian DSA Debian DSA DSA-1169-1 New MySQL 4.1 packages fix several vulnerabilities
EUVD EUVD EUVD-2006-4216 MySQL before 4.1.21, 5.0 before 5.0.25, and 5.1 before 5.1.12, when run on case-sensitive filesystems, allows remote authenticated users to create or access a database when the database name differs only in case from a database for which they have permissions.
Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References
Link Providers
http://bugs.mysql.com/bug.php?id=17647 cve-icon cve-icon
http://dev.mysql.com/doc/refman/5.0/en/news-5-0-25.html cve-icon cve-icon
http://docs.info.apple.com/article.html?artnum=305214 cve-icon cve-icon
http://lists.apple.com/archives/security-announce/2007/Mar/msg00002.html cve-icon cve-icon
http://lists.mysql.com/commits/5927 cve-icon cve-icon
http://secunia.com/advisories/21506 cve-icon cve-icon
http://secunia.com/advisories/21627 cve-icon cve-icon
http://secunia.com/advisories/21762 cve-icon cve-icon
http://secunia.com/advisories/22080 cve-icon cve-icon
http://secunia.com/advisories/24479 cve-icon cve-icon
http://secunia.com/advisories/24744 cve-icon cve-icon
http://securitytracker.com/id?1016710 cve-icon cve-icon
http://www.debian.org/security/2006/dsa-1169 cve-icon cve-icon
http://www.mandriva.com/security/advisories?name=MDKSA-2006:149 cve-icon cve-icon
http://www.novell.com/linux/security/advisories/2006_23_sr.html cve-icon cve-icon
http://www.redhat.com/support/errata/RHSA-2007-0083.html cve-icon cve-icon
http://www.redhat.com/support/errata/RHSA-2007-0152.html cve-icon cve-icon
http://www.securityfocus.com/bid/19559 cve-icon cve-icon
http://www.us-cert.gov/cas/techalerts/TA07-072A.html cve-icon cve-icon
http://www.vupen.com/english/advisories/2006/3306 cve-icon cve-icon
http://www.vupen.com/english/advisories/2007/0930 cve-icon cve-icon
https://exchange.xforce.ibmcloud.com/vulnerabilities/28448 cve-icon cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2006-4226 cve-icon
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10729 cve-icon cve-icon
https://www.cve.org/CVERecord?id=CVE-2006-4226 cve-icon
History

No history.

Projects

Sign in to view the affected projects.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2024-08-07T18:57:46.518Z

Reserved: 2006-08-18T00:00:00

Link: CVE-2006-4226

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Deferred

Published: 2006-08-18T20:04:00.000

Modified: 2025-04-03T01:03:51.193

Link: CVE-2006-4226

cve-icon Redhat

Severity : Low

Publid Date: 2006-02-22T00:00:00Z

Links: CVE-2006-4226 - Bugzilla

cve-icon OpenCVE Enrichment

No data.

Weaknesses