CVE-2006-4226

MySQL before 4.1.21, 5.0 before 5.0.25, and 5.1 before 5.1.12, when run on case-sensitive filesystems, allows remote authenticated users to create or access a database when the database name differs only in case from a database for which they have permissions.

🔗 References (46)

• cve@mitrehttp://bugs.mysql.com/bug.php?id=17647
• cve@mitrehttp://dev.mysql.com/doc/refman/5.0/en/news-5-0-25.html
• cve@mitrehttp://docs.info.apple.com/article.html?artnum=305214
• cve@mitrehttp://lists.apple.com/archives/security-announce/2007/Mar/msg00002.html
• cve@mitrehttp://lists.mysql.com/commits/5927
• cve@mitrehttp://secunia.com/advisories/21506
• cve@mitrehttp://secunia.com/advisories/21627
• cve@mitrehttp://secunia.com/advisories/21762
• cve@mitrehttp://secunia.com/advisories/22080
• cve@mitrehttp://secunia.com/advisories/24479
• cve@mitrehttp://secunia.com/advisories/24744
• cve@mitrehttp://securitytracker.com/id?1016710
• cve@mitrehttp://www.debian.org/security/2006/dsa-1169
• cve@mitrehttp://www.mandriva.com/security/advisories?name=MDKSA-2006:149
• cve@mitrehttp://www.novell.com/linux/security/advisories/2006_23_sr.html