CVE-2006-4226 Information

Description

MySQL before 4.1.21 5.0 before 5.0.25 and 5.1 before 5.1.12 when run on case-sensitive filesystems allows remote authenticated users to create or access a database when the database name differs only in case from a database for which they have permissions.

Reference

http://bugs.mysql.com/bug.php?id=17647 http://dev.mysql.com/doc/refman/5.0/en/news-5-0-25.html http://docs.info.apple.com/article.html?artnum=305214 http://lists.apple.com/archives/security-announce/2007/Mar/msg00002.html http://lists.mysql.com/commits/5927 http://secunia.com/advisories/21506 http://secunia.com/advisories/21627 http://secunia.com/advisories/21762 http://secunia.com/advisories/22080 http://secunia.com/advisories/24479 http://secunia.com/advisories/24744 http://securitytracker.com/id?1016710 http://www.debian.org/security/2006/dsa-1169 http://www.mandriva.com/security/advisories?name=MDKSA-2006:149 http://www.novell.com/linux/security/advisories/2006_23_sr.html http://www.redhat.com/support/errata/RHSA-2007-0083.html http://www.redhat.com/support/errata/RHSA-2007-0152.html http://www.securityfocus.com/bid/19559 http://www.us-cert.gov/cas/techalerts/TA07-072A.html http://www.vupen.com/english/advisories/2006/3306 http://www.vupen.com/english/advisories/2007/0930 https://exchange.xforce.ibmcloud.com/vulnerabilities/28448 https://oval.cisecurity.org/repository/search/definition/oval3Aorg.mitre.oval3Adef3A10729