CVE-2006-4226
mysql-server create database privilege escalation
Severity Score
9.8
*CVSS v3
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
3
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
MySQL before 4.1.21, 5.0 before 5.0.25, and 5.1 before 5.1.12, when run on case-sensitive filesystems, allows remote authenticated users to create or access a database when the database name differs only in case from a database for which they have permissions.
MySQL anteriores a 4.1.21, 5.0 anterior a 5.0.25, y 5.1 anteriores a 5.1.12, cuando se ejecutan en sistemas de fichero sensibles al uso de mayúsculas o minúscular, permite a usuarios autenticados remotamente crear o acceder a una base de datos cuando el nombre de la base de datos difiere sólo en el uso de mayúsculas y minúsculas de una base de datos para la cual tienen permisos.
MySQL 4.1 before 4.1.21 and 5.0 before 5.0.24 allows a local user to access a table through a previously created MERGE table, even after the user's privileges are revoked for the original table, which might violate intended security policy. MySQL 4.1 before 4.1.21, 5.0 before 5.0.25, and 5.1 before 5.1.12, when run on case-sensitive filesystems, allows remote authenticated users to create or access a database when the database name differs only in case from a database for which they have permissions.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2006-08-18 CVE Reserved
- 2006-08-18 CVE Published
- 2024-08-07 CVE Updated
- 2024-08-07 First Exploit
- 2025-07-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
CAPEC
References (25)
| URL | Tag | Source |
|---|---|---|
| http://docs.info.apple.com/article.html?artnum=305214 | X_refsource_confirm | |
| http://secunia.com/advisories/21627 | Third Party Advisory | |
| http://secunia.com/advisories/21762 | Third Party Advisory | |
| http://secunia.com/advisories/22080 | Third Party Advisory | |
| http://secunia.com/advisories/24479 | Third Party Advisory | |
| http://secunia.com/advisories/24744 | Third Party Advisory | |
| http://securitytracker.com/id?1016710 | Vdb Entry | |
| http://www.us-cert.gov/cas/techalerts/TA07-072A.html | Third Party Advisory | |
| http://www.vupen.com/english/advisories/2006/3306 | Vdb Entry | |
| http://www.vupen.com/english/advisories/2007/0930 | Vdb Entry | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/28448 | Vdb Entry | |
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10729 | Signature |
| URL | Date | SRC |
|---|---|---|
| http://bugs.mysql.com/bug.php?id=17647 | 2024-08-07 | |
| http://secunia.com/advisories/21506 | 2024-08-07 | |
| http://www.securityfocus.com/bid/19559 | 2024-08-07 |
| URL | Date | SRC |
|---|---|---|
| http://dev.mysql.com/doc/refman/5.0/en/news-5-0-25.html | 2019-12-17 | |
| http://lists.mysql.com/commits/5927 | 2019-12-17 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Mysql Search vendor "Mysql" | Mysql Search vendor "Mysql" for product "Mysql" | 4.1.0 Search vendor "Mysql" for product "Mysql" and version "4.1.0" | - |
Affected
| ||||||
| Mysql Search vendor "Mysql" | Mysql Search vendor "Mysql" for product "Mysql" | 4.1.2 Search vendor "Mysql" for product "Mysql" and version "4.1.2" | - |
Affected
| ||||||
| Mysql Search vendor "Mysql" | Mysql Search vendor "Mysql" for product "Mysql" | 4.1.3 Search vendor "Mysql" for product "Mysql" and version "4.1.3" | - |
Affected
| ||||||
| Mysql Search vendor "Mysql" | Mysql Search vendor "Mysql" for product "Mysql" | 4.1.8 Search vendor "Mysql" for product "Mysql" and version "4.1.8" | - |
Affected
| ||||||
| Mysql Search vendor "Mysql" | Mysql Search vendor "Mysql" for product "Mysql" | 4.1.10 Search vendor "Mysql" for product "Mysql" and version "4.1.10" | - |
Affected
| ||||||
| Mysql Search vendor "Mysql" | Mysql Search vendor "Mysql" for product "Mysql" | 4.1.12 Search vendor "Mysql" for product "Mysql" and version "4.1.12" | - |
Affected
| ||||||
| Mysql Search vendor "Mysql" | Mysql Search vendor "Mysql" for product "Mysql" | 4.1.13 Search vendor "Mysql" for product "Mysql" and version "4.1.13" | - |
Affected
| ||||||
| Mysql Search vendor "Mysql" | Mysql Search vendor "Mysql" for product "Mysql" | 4.1.14 Search vendor "Mysql" for product "Mysql" and version "4.1.14" | - |
Affected
| ||||||
| Mysql Search vendor "Mysql" | Mysql Search vendor "Mysql" for product "Mysql" | 4.1.15 Search vendor "Mysql" for product "Mysql" and version "4.1.15" | - |
Affected
| ||||||
| Mysql Search vendor "Mysql" | Mysql Search vendor "Mysql" for product "Mysql" | 5.0.0 Search vendor "Mysql" for product "Mysql" and version "5.0.0" | - |
Affected
| ||||||
| Mysql Search vendor "Mysql" | Mysql Search vendor "Mysql" for product "Mysql" | 5.0.1 Search vendor "Mysql" for product "Mysql" and version "5.0.1" | - |
Affected
| ||||||
| Mysql Search vendor "Mysql" | Mysql Search vendor "Mysql" for product "Mysql" | 5.0.2 Search vendor "Mysql" for product "Mysql" and version "5.0.2" | - |
Affected
| ||||||
| Mysql Search vendor "Mysql" | Mysql Search vendor "Mysql" for product "Mysql" | 5.0.3 Search vendor "Mysql" for product "Mysql" and version "5.0.3" | - |
Affected
| ||||||
| Mysql Search vendor "Mysql" | Mysql Search vendor "Mysql" for product "Mysql" | 5.0.4 Search vendor "Mysql" for product "Mysql" and version "5.0.4" | - |
Affected
| ||||||
| Mysql Search vendor "Mysql" | Mysql Search vendor "Mysql" for product "Mysql" | 5.0.5 Search vendor "Mysql" for product "Mysql" and version "5.0.5" | - |
Affected
| ||||||
| Mysql Search vendor "Mysql" | Mysql Search vendor "Mysql" for product "Mysql" | 5.0.5.0.21 Search vendor "Mysql" for product "Mysql" and version "5.0.5.0.21" | - |
Affected
| ||||||
| Mysql Search vendor "Mysql" | Mysql Search vendor "Mysql" for product "Mysql" | 5.0.10 Search vendor "Mysql" for product "Mysql" and version "5.0.10" | - |
Affected
| ||||||
| Mysql Search vendor "Mysql" | Mysql Search vendor "Mysql" for product "Mysql" | 5.0.15 Search vendor "Mysql" for product "Mysql" and version "5.0.15" | - |
Affected
| ||||||
| Mysql Search vendor "Mysql" | Mysql Search vendor "Mysql" for product "Mysql" | 5.0.16 Search vendor "Mysql" for product "Mysql" and version "5.0.16" | - |
Affected
| ||||||
| Mysql Search vendor "Mysql" | Mysql Search vendor "Mysql" for product "Mysql" | 5.0.17 Search vendor "Mysql" for product "Mysql" and version "5.0.17" | - |
Affected
| ||||||
| Mysql Search vendor "Mysql" | Mysql Search vendor "Mysql" for product "Mysql" | 5.0.20 Search vendor "Mysql" for product "Mysql" and version "5.0.20" | - |
Affected
| ||||||
| Mysql Search vendor "Mysql" | Mysql Search vendor "Mysql" for product "Mysql" | 5.0.22.1.0.1 Search vendor "Mysql" for product "Mysql" and version "5.0.22.1.0.1" | - |
Affected
| ||||||
| Mysql Search vendor "Mysql" | Mysql Search vendor "Mysql" for product "Mysql" | 5.1.5 Search vendor "Mysql" for product "Mysql" and version "5.1.5" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Mysql Search vendor "Oracle" for product "Mysql" | 4.0.0 Search vendor "Oracle" for product "Mysql" and version "4.0.0" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Mysql Search vendor "Oracle" for product "Mysql" | 4.0.1 Search vendor "Oracle" for product "Mysql" and version "4.0.1" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Mysql Search vendor "Oracle" for product "Mysql" | 4.0.2 Search vendor "Oracle" for product "Mysql" and version "4.0.2" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Mysql Search vendor "Oracle" for product "Mysql" | 4.0.3 Search vendor "Oracle" for product "Mysql" and version "4.0.3" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Mysql Search vendor "Oracle" for product "Mysql" | 4.0.4 Search vendor "Oracle" for product "Mysql" and version "4.0.4" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Mysql Search vendor "Oracle" for product "Mysql" | 4.0.5 Search vendor "Oracle" for product "Mysql" and version "4.0.5" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Mysql Search vendor "Oracle" for product "Mysql" | 4.0.5a Search vendor "Oracle" for product "Mysql" and version "4.0.5a" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Mysql Search vendor "Oracle" for product "Mysql" | 4.0.6 Search vendor "Oracle" for product "Mysql" and version "4.0.6" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Mysql Search vendor "Oracle" for product "Mysql" | 4.0.7 Search vendor "Oracle" for product "Mysql" and version "4.0.7" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Mysql Search vendor "Oracle" for product "Mysql" | 4.0.7 Search vendor "Oracle" for product "Mysql" and version "4.0.7" | gamma |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Mysql Search vendor "Oracle" for product "Mysql" | 4.0.8 Search vendor "Oracle" for product "Mysql" and version "4.0.8" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Mysql Search vendor "Oracle" for product "Mysql" | 4.0.8 Search vendor "Oracle" for product "Mysql" and version "4.0.8" | gamma |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Mysql Search vendor "Oracle" for product "Mysql" | 4.0.9 Search vendor "Oracle" for product "Mysql" and version "4.0.9" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Mysql Search vendor "Oracle" for product "Mysql" | 4.0.9 Search vendor "Oracle" for product "Mysql" and version "4.0.9" | gamma |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Mysql Search vendor "Oracle" for product "Mysql" | 4.0.10 Search vendor "Oracle" for product "Mysql" and version "4.0.10" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Mysql Search vendor "Oracle" for product "Mysql" | 4.0.11 Search vendor "Oracle" for product "Mysql" and version "4.0.11" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Mysql Search vendor "Oracle" for product "Mysql" | 4.0.11 Search vendor "Oracle" for product "Mysql" and version "4.0.11" | gamma |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Mysql Search vendor "Oracle" for product "Mysql" | 4.0.12 Search vendor "Oracle" for product "Mysql" and version "4.0.12" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Mysql Search vendor "Oracle" for product "Mysql" | 4.0.13 Search vendor "Oracle" for product "Mysql" and version "4.0.13" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Mysql Search vendor "Oracle" for product "Mysql" | 4.0.14 Search vendor "Oracle" for product "Mysql" and version "4.0.14" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Mysql Search vendor "Oracle" for product "Mysql" | 4.0.15 Search vendor "Oracle" for product "Mysql" and version "4.0.15" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Mysql Search vendor "Oracle" for product "Mysql" | 4.0.16 Search vendor "Oracle" for product "Mysql" and version "4.0.16" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Mysql Search vendor "Oracle" for product "Mysql" | 4.0.17 Search vendor "Oracle" for product "Mysql" and version "4.0.17" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Mysql Search vendor "Oracle" for product "Mysql" | 4.0.18 Search vendor "Oracle" for product "Mysql" and version "4.0.18" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Mysql Search vendor "Oracle" for product "Mysql" | 4.0.19 Search vendor "Oracle" for product "Mysql" and version "4.0.19" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Mysql Search vendor "Oracle" for product "Mysql" | 4.0.20 Search vendor "Oracle" for product "Mysql" and version "4.0.20" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Mysql Search vendor "Oracle" for product "Mysql" | 4.0.21 Search vendor "Oracle" for product "Mysql" and version "4.0.21" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Mysql Search vendor "Oracle" for product "Mysql" | 4.0.23 Search vendor "Oracle" for product "Mysql" and version "4.0.23" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Mysql Search vendor "Oracle" for product "Mysql" | 4.0.24 Search vendor "Oracle" for product "Mysql" and version "4.0.24" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Mysql Search vendor "Oracle" for product "Mysql" | 4.0.25 Search vendor "Oracle" for product "Mysql" and version "4.0.25" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Mysql Search vendor "Oracle" for product "Mysql" | 4.0.26 Search vendor "Oracle" for product "Mysql" and version "4.0.26" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Mysql Search vendor "Oracle" for product "Mysql" | 4.0.27 Search vendor "Oracle" for product "Mysql" and version "4.0.27" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Mysql Search vendor "Oracle" for product "Mysql" | 4.1.0 Search vendor "Oracle" for product "Mysql" and version "4.1.0" | alpha |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Mysql Search vendor "Oracle" for product "Mysql" | 4.1.1 Search vendor "Oracle" for product "Mysql" and version "4.1.1" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Mysql Search vendor "Oracle" for product "Mysql" | 4.1.2 Search vendor "Oracle" for product "Mysql" and version "4.1.2" | alpha |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Mysql Search vendor "Oracle" for product "Mysql" | 4.1.3 Search vendor "Oracle" for product "Mysql" and version "4.1.3" | beta |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Mysql Search vendor "Oracle" for product "Mysql" | 4.1.4 Search vendor "Oracle" for product "Mysql" and version "4.1.4" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Mysql Search vendor "Oracle" for product "Mysql" | 4.1.5 Search vendor "Oracle" for product "Mysql" and version "4.1.5" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Mysql Search vendor "Oracle" for product "Mysql" | 4.1.6 Search vendor "Oracle" for product "Mysql" and version "4.1.6" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Mysql Search vendor "Oracle" for product "Mysql" | 4.1.7 Search vendor "Oracle" for product "Mysql" and version "4.1.7" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Mysql Search vendor "Oracle" for product "Mysql" | 4.1.9 Search vendor "Oracle" for product "Mysql" and version "4.1.9" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Mysql Search vendor "Oracle" for product "Mysql" | 4.1.11 Search vendor "Oracle" for product "Mysql" and version "4.1.11" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Mysql Search vendor "Oracle" for product "Mysql" | 4.1.16 Search vendor "Oracle" for product "Mysql" and version "4.1.16" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Mysql Search vendor "Oracle" for product "Mysql" | 4.1.17 Search vendor "Oracle" for product "Mysql" and version "4.1.17" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Mysql Search vendor "Oracle" for product "Mysql" | 4.1.18 Search vendor "Oracle" for product "Mysql" and version "4.1.18" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Mysql Search vendor "Oracle" for product "Mysql" | 4.1.19 Search vendor "Oracle" for product "Mysql" and version "4.1.19" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Mysql Search vendor "Oracle" for product "Mysql" | 4.1.20 Search vendor "Oracle" for product "Mysql" and version "4.1.20" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Mysql Search vendor "Oracle" for product "Mysql" | 4.1.21 Search vendor "Oracle" for product "Mysql" and version "4.1.21" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Mysql Search vendor "Oracle" for product "Mysql" | 5.0.0 Search vendor "Oracle" for product "Mysql" and version "5.0.0" | alpha |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Mysql Search vendor "Oracle" for product "Mysql" | 5.0.3 Search vendor "Oracle" for product "Mysql" and version "5.0.3" | beta |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Mysql Search vendor "Oracle" for product "Mysql" | 5.0.6 Search vendor "Oracle" for product "Mysql" and version "5.0.6" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Mysql Search vendor "Oracle" for product "Mysql" | 5.0.7 Search vendor "Oracle" for product "Mysql" and version "5.0.7" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Mysql Search vendor "Oracle" for product "Mysql" | 5.0.8 Search vendor "Oracle" for product "Mysql" and version "5.0.8" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Mysql Search vendor "Oracle" for product "Mysql" | 5.0.9 Search vendor "Oracle" for product "Mysql" and version "5.0.9" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Mysql Search vendor "Oracle" for product "Mysql" | 5.0.11 Search vendor "Oracle" for product "Mysql" and version "5.0.11" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Mysql Search vendor "Oracle" for product "Mysql" | 5.0.12 Search vendor "Oracle" for product "Mysql" and version "5.0.12" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Mysql Search vendor "Oracle" for product "Mysql" | 5.0.13 Search vendor "Oracle" for product "Mysql" and version "5.0.13" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Mysql Search vendor "Oracle" for product "Mysql" | 5.0.14 Search vendor "Oracle" for product "Mysql" and version "5.0.14" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Mysql Search vendor "Oracle" for product "Mysql" | 5.0.18 Search vendor "Oracle" for product "Mysql" and version "5.0.18" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Mysql Search vendor "Oracle" for product "Mysql" | 5.0.19 Search vendor "Oracle" for product "Mysql" and version "5.0.19" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Mysql Search vendor "Oracle" for product "Mysql" | 5.0.21 Search vendor "Oracle" for product "Mysql" and version "5.0.21" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Mysql Search vendor "Oracle" for product "Mysql" | 5.0.22 Search vendor "Oracle" for product "Mysql" and version "5.0.22" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Mysql Search vendor "Oracle" for product "Mysql" | 5.1.1 Search vendor "Oracle" for product "Mysql" and version "5.1.1" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Mysql Search vendor "Oracle" for product "Mysql" | 5.1.2 Search vendor "Oracle" for product "Mysql" and version "5.1.2" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Mysql Search vendor "Oracle" for product "Mysql" | 5.1.3 Search vendor "Oracle" for product "Mysql" and version "5.1.3" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Mysql Search vendor "Oracle" for product "Mysql" | 5.1.4 Search vendor "Oracle" for product "Mysql" and version "5.1.4" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Mysql Search vendor "Oracle" for product "Mysql" | 5.1.6 Search vendor "Oracle" for product "Mysql" and version "5.1.6" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Mysql Search vendor "Oracle" for product "Mysql" | 5.1.7 Search vendor "Oracle" for product "Mysql" and version "5.1.7" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Mysql Search vendor "Oracle" for product "Mysql" | 5.1.8 Search vendor "Oracle" for product "Mysql" and version "5.1.8" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Mysql Search vendor "Oracle" for product "Mysql" | 5.1.9 Search vendor "Oracle" for product "Mysql" and version "5.1.9" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Mysql Search vendor "Oracle" for product "Mysql" | 5.1.10 Search vendor "Oracle" for product "Mysql" and version "5.1.10" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Mysql Search vendor "Oracle" for product "Mysql" | 5.1.11 Search vendor "Oracle" for product "Mysql" and version "5.1.11" | - |
Affected
| ||||||