CVE-2006-4226 : MySQL before 4.1.21, 5.0 before 5.0.25, and 5.1 before 5.1.12, when run on case-sensitive filesystems, allows remote aut

MySQL before 4.1.21, 5.0 before 5.0.25, and 5.1 before 5.1.12, when run on case-sensitive filesystems, allows remote authenticated users to create or access a database when the database name differs only in case from a database for which they have permissions.

Published 2006-08-18 20:04:00

Updated 2019-12-17 20:16:23

Source MITRE

View at NVD, CVE.org

Threat overview for CVE-2006-4226

Top countries where our scanners detected CVE-2006-4226

Top open port discovered on systems with this issue 3306

IPs affected by CVE-2006-4226 4,828

Threat actors abusing to this issue? Yes

Find out if you^* are affected by CVE-2006-4226!

^*Directly or indirectly through your vendors, service providers and 3rd parties. Powered by attack surface intelligence from SecurityScorecard.

Exploit prediction scoring system (EPSS) score for CVE-2006-4226

Probability of exploitation activity in the next 30 days: 0.48%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 75 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2006-4226

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
3.6	LOW	AV:N/AC:H/Au:S/C:P/I:P/A:N	3.9	4.9	NIST
Access Vector: Network Access Complexity: High Authentication: Single Confidentiality Impact: Partial Integrity Impact: Partial Availability Impact: None

Vendor statements for CVE-2006-4226

Red Hat 2006-09-19

Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=203426 The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw. More information regarding issue severity can be found here: http://www.redhat.com/security/updates/classification/ This issue does not affect Red Hat Enterprise Linux 2.1 or 3

References for CVE-2006-4226

http://www.redhat.com/support/errata/RHSA-2007-0083.html

CVEs referencing this url
http://www.mandriva.com/security/advisories?name=MDKSA-2006:149

CVEs referencing this url
http://docs.info.apple.com/article.html?artnum=305214

CVEs referencing this url
http://dev.mysql.com/doc/refman/5.0/en/news-5-0-25.html

Patch

CVEs referencing this url
http://www.us-cert.gov/cas/techalerts/TA07-072A.html

Page Not Found | CISA
US Government Resource

CVEs referencing this url
http://www.redhat.com/support/errata/RHSA-2007-0152.html
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10729
http://www.novell.com/linux/security/advisories/2006_23_sr.html

Security - Support | SUSE

CVEs referencing this url
http://www.vupen.com/english/advisories/2006/3306

CVEs referencing this url
http://securitytracker.com/id?1016710
https://exchange.xforce.ibmcloud.com/vulnerabilities/28448
http://www.securityfocus.com/bid/19559

Exploit;Patch

CVEs referencing this url
http://www.vupen.com/english/advisories/2007/0930

Webmail: access your OVH emails on ovhcloud.com | OVHcloud

CVEs referencing this url
http://lists.apple.com/archives/security-announce/2007/Mar/msg00002.html

CVEs referencing this url
http://www.debian.org/security/2006/dsa-1169

CVEs referencing this url
http://bugs.mysql.com/bug.php?id=17647

Exploit;Patch
http://lists.mysql.com/commits/5927

Patch

Products affected by CVE-2006-4226