MySQL COM_CHANGE_USER Password Length Account Compromise Vulnerability

Bugtraq ID: 6373
Class: Design Error
CVE: CVE-2002-1374
CVE-2002-1374
Remote: Yes
Local: No
Published: Dec 12 2002 12:00AM
Updated: Jul 11 2009 07:16PM
Credit: Discovery of this issue is credited to Stefan Esser <s.esser@e-matters.de>.
Vulnerable: Veritas Software NetBackup Global Data Manager 4.5 MP3
Veritas Software NetBackup Global Data Manager 4.5 MP2
Veritas Software NetBackup Global Data Manager 4.5 MP1
Veritas Software NetBackup Global Data Manager 4.5 FP3
Veritas Software NetBackup Global Data Manager 4.5 FP2
Veritas Software NetBackup Global Data Manager 4.5 FP1
Veritas Software NetBackup Global Data Manager 4.5
Veritas Software NetBackup Advanced Reporter 4.5 MP3
Veritas Software NetBackup Advanced Reporter 4.5 MP2
Veritas Software NetBackup Advanced Reporter 4.5 MP1
Veritas Software NetBackup Advanced Reporter 4.5 FP3
Veritas Software NetBackup Advanced Reporter 4.5 FP2
Veritas Software NetBackup Advanced Reporter 4.5 FP1
Veritas Software NetBackup Advanced Reporter 4.5
Veritas Software NetBackup Advanced Reporter 3.4
MySQL AB MySQL 4.0.5 a
MySQL AB MySQL 4.0.3
MySQL AB MySQL 4.0.2
MySQL AB MySQL 4.0.1
MySQL AB MySQL 4.0 .0
MySQL AB MySQL 3.23.53 a
MySQL AB MySQL 3.23.53
+ OpenPKG OpenPKG Current
+ Sun Cobalt Qube 3
MySQL AB MySQL 3.23.52
+ Conectiva Linux Enterprise Edition 1.0
+ Mandriva Linux Mandrake 9.0
+ OpenPKG OpenPKG 1.1
+ RedHat Linux 8.0 i386
+ RedHat Linux 8.0
+ S.u.S.E. Linux 8.1
+ Trustix Secure Linux 1.5
MySQL AB MySQL 3.23.51
MySQL AB MySQL 3.23.50
MySQL AB MySQL 3.23.49
+ Debian Linux 3.0 sparc
+ Debian Linux 3.0 s/390
+ Debian Linux 3.0 ppc
+ Debian Linux 3.0 mipsel
+ Debian Linux 3.0 mips
+ Debian Linux 3.0 m68k
+ Debian Linux 3.0 ia-64
+ Debian Linux 3.0 ia-32
+ Debian Linux 3.0 hppa
+ Debian Linux 3.0 arm
+ Debian Linux 3.0 alpha
+ RedHat Linux 7.3 i686
+ RedHat Linux 7.3 i386
+ RedHat Linux 7.3
MySQL AB MySQL 3.23.48
+ S.u.S.E. Linux 8.0 i386
+ S.u.S.E. Linux 8.0
MySQL AB MySQL 3.23.47
+ Mandriva Linux Mandrake 8.2 ppc
+ Mandriva Linux Mandrake 8.2
MySQL AB MySQL 3.23.46
+ Conectiva Linux 8.0
+ OpenPKG OpenPKG 1.0
MySQL AB MySQL 3.23.45
MySQL AB MySQL 3.23.44
+ S.u.S.E. Linux 7.3 sparc
+ S.u.S.E. Linux 7.3 ppc
+ S.u.S.E. Linux 7.3 i386
+ S.u.S.E. Linux 7.3
MySQL AB MySQL 3.23.43
MySQL AB MySQL 3.23.42
MySQL AB MySQL 3.23.41
+ Mandriva Linux Mandrake 8.1 ia64
+ Mandriva Linux Mandrake 8.1
+ RedHat Linux 7.2 ia64
+ RedHat Linux 7.2 alpha
+ RedHat Linux 7.2
MySQL AB MySQL 3.23.40
MySQL AB MySQL 3.23.39
+ HP SCM 3.0
MySQL AB MySQL 3.23.38
MySQL AB MySQL 3.23.37
+ S.u.S.E. Linux 7.2 i386
+ S.u.S.E. Linux 7.2
MySQL AB MySQL 3.23.36
+ Conectiva Linux 7.0
+ Conectiva Linux 6.0
+ EnGarde Secure Linux 1.0.1
+ Mandriva Linux Mandrake 8.0 ppc
+ Mandriva Linux Mandrake 8.0
+ RedHat Linux 7.1 ia64
+ RedHat Linux 7.1 i686
+ RedHat Linux 7.1 i586
+ RedHat Linux 7.1 i386
+ RedHat Linux 7.1
MySQL AB MySQL 3.23.34
- Debian Linux 2.2 sparc
- Debian Linux 2.2 powerpc
- Debian Linux 2.2 arm
- Debian Linux 2.2 alpha
- Debian Linux 2.2 68k
- Debian Linux 2.2
- FreeBSD FreeBSD 4.2
- FreeBSD FreeBSD 3.5.1
- HP HP-UX 11.11
- HP HP-UX 11.0
- IBM AIX 4.3.3
- IBM AIX 4.3.2
- Mandriva Linux Mandrake 7.2
- Mandriva Linux Mandrake 7.1
- Mandriva Linux Mandrake 7.0
- OpenBSD OpenBSD 2.8
- OpenBSD OpenBSD 2.7
- OpenBSD OpenBSD 2.6
- RedHat Linux 7.0 i386
- RedHat Linux 7.0 alpha
- RedHat Linux 6.2 sparc
- RedHat Linux 6.2 i386
- RedHat Linux 6.2 alpha
- RedHat Linux 5.2 sparc
- RedHat Linux 5.2 i386
- RedHat Linux 5.2 alpha
- S.u.S.E. Linux 7.1
- S.u.S.E. Linux 7.0
- S.u.S.E. Linux 6.4
- Sun Solaris 8_x86
- Sun Solaris 8_sparc
- Sun Solaris 7.0_x86
- Sun Solaris 7.0
- Sun Solaris 2.6_x86
- Sun Solaris 2.6
MySQL AB MySQL 3.23.33
+ S.u.S.E. Linux 7.1 x86
+ S.u.S.E. Linux 7.1 sparc
+ S.u.S.E. Linux 7.1 ppc
+ S.u.S.E. Linux 7.1 alpha
+ S.u.S.E. Linux 7.1
MySQL AB MySQL 3.23.32
+ Wirex Immunix OS 7+
MySQL AB MySQL 3.23.31
+ MandrakeSoft Single Network Firewall 7.2
+ Mandriva Linux Mandrake 7.2
MySQL AB MySQL 3.23.30
MySQL AB MySQL 3.23.29
MySQL AB MySQL 3.23.28
MySQL AB MySQL 3.23.27
MySQL AB MySQL 3.23.26
+ RedHat Linux 7.1 ia64
+ RedHat Linux 7.1 alpha
+ RedHat Linux 7.1
MySQL AB MySQL 3.23.25
MySQL AB MySQL 3.23.24
MySQL AB MySQL 3.23.23
MySQL AB MySQL 3.23.22
+ RedHat Linux 7.0 sparc
+ RedHat Linux 7.0 alpha
+ RedHat Linux 7.0
MySQL AB MySQL 3.23.10
MySQL AB MySQL 3.23.9
MySQL AB MySQL 3.23.8
MySQL AB MySQL 3.23.5
+ MandrakeSoft Corporate Server 2.1 x86_64
+ MandrakeSoft Corporate Server 2.1
+ Trustix Secure Linux 1.5
MySQL AB MySQL 3.23.4
MySQL AB MySQL 3.23.3
- FreeBSD FreeBSD 5.0
- FreeBSD FreeBSD 4.0
MySQL AB MySQL 3.22.32
+ Debian Linux 2.2 sparc
+ Debian Linux 2.2 powerpc
+ Debian Linux 2.2 IA-32
+ Debian Linux 2.2 arm
+ Debian Linux 2.2 alpha
+ Debian Linux 2.2 68k
MySQL AB MySQL 3.22.30
MySQL AB MySQL 3.22.29
MySQL AB MySQL 3.22.28
MySQL AB MySQL 3.22.27
MySQL AB MySQL 3.22.26
Miva htmlscript 3.23.32
Not Vulnerable: Veritas Software NetBackup Global Data Manager 4.5 MP4
Veritas Software NetBackup Global Data Manager 4.5 FP4
Veritas Software NetBackup Advanced Reporter 4.5 MP4
Veritas Software NetBackup Advanced Reporter 4.5 FP4
MySQL AB MySQL 3.23.54
+ Sun Cobalt RaQ 550
+ Trustix Secure Linux 1.5


 

Privacy Statement
Copyright 2010, SecurityFocus