[debian-mysql] Bug#493258: Mysql-Server security bug
Anatoly Shipitsin
norguhtar at gmail.com
Fri Aug 1 16:46:23 UTC 2008
Package: mysql-server
Version: 5.0.32-Debian_7etch6-log
I'm got strange security bug in mysql. I'm create user and database,
then grant all to database:
> CREATE USER santa IDENTIFIED BY 'test';
>GRANT USAGE ON *.* TO 'santa'@'%' IDENTIFIED BY 'test';
>CREATE DATABASE santa_base;
>GRANT ALL PRIVILEGES ON santa_base.* TO 'santa'@'%' IDENTIFIED BY 'test';
Then i'm test create database:
>create database test;
I'm got access denied for user. But when i'm test create database santa?base:
>create database `santa?base`;
It's create database.
My system:
Debian Etch 4.0 kernel 2.6.18-fza-028stab053.5-amd
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.alioth.debian.org/pipermail/pkg-mysql-maint/attachments/20080801/811083ee/attachment.htm
More information about the pkg-mysql-maint
mailing list