What is the severity of CVE-2002-1374?

CVE-2002-1374 is considered to be a high severity vulnerability due to the potential for unauthorized access.

How do I fix CVE-2002-1374?

To fix CVE-2002-1374, upgrade your MySQL version to 3.23.54 or later, or 4.0.6 or later.

What systems are affected by CVE-2002-1374?

CVE-2002-1374 affects MySQL versions 3.x prior to 3.23.54 and 4.x prior to 4.0.6.

Can CVE-2002-1374 be exploited remotely?

Yes, CVE-2002-1374 can be exploited remotely using a brute force attack with a one-character password.

What is the impact of CVE-2002-1374?

The impact of CVE-2002-1374 is that it allows remote attackers to gain privileges on the affected MySQL server.

Vulnerability/
CVE-2002-1374

high

7.5

CWE

NVD-CWE-Other

23/12/2002

1/9/2004

8/8/2024

CVE-2002-1374

First published: Mon Dec 23 2002(Updated: )

The COM_CHANGE_USER command in MySQL 3.x before 3.23.54, and 4.x before 4.0.6, allows remote attackers to gain privileges via a brute force attack using a one-character password, which causes MySQL to only compare the provided password against the first character of the real password.

Credit: cve@mitre.org

Affected Software	Affected Version	How to fix
Oracle MySQL	=3.22.26
Oracle MySQL	=3.22.27
Oracle MySQL	=3.22.28
Oracle MySQL	=3.22.29
Oracle MySQL	=3.22.30
Oracle MySQL	=3.22.32
Oracle MySQL	=3.23.2
Oracle MySQL	=3.23.3
Oracle MySQL	=3.23.4
Oracle MySQL	=3.23.5
Oracle MySQL	=3.23.8
Oracle MySQL	=3.23.9
Oracle MySQL	=3.23.10
Oracle MySQL	=3.23.23
Oracle MySQL	=3.23.24
Oracle MySQL	=3.23.25
Oracle MySQL	=3.23.26
Oracle MySQL	=3.23.27
Oracle MySQL	=3.23.28
Oracle MySQL	=3.23.29
Oracle MySQL	=3.23.30
Oracle MySQL	=3.23.31
Oracle MySQL	=3.23.34
Oracle MySQL	=3.23.36
Oracle MySQL	=3.23.37
Oracle MySQL	=3.23.38
Oracle MySQL	=3.23.39
Oracle MySQL	=3.23.40
Oracle MySQL	=3.23.41
Oracle MySQL	=3.23.42
Oracle MySQL	=3.23.43
Oracle MySQL	=3.23.44
Oracle MySQL	=3.23.45
Oracle MySQL	=3.23.46
Oracle MySQL	=3.23.47
Oracle MySQL	=3.23.48
Oracle MySQL	=3.23.49
Oracle MySQL	=3.23.50
Oracle MySQL	=3.23.51
Oracle MySQL	=3.23.52
Oracle MySQL	=3.23.53
Oracle MySQL	=3.23.53a
Oracle MySQL	=4.0.0
Oracle MySQL	=4.0.1
Oracle MySQL	=4.0.2
Oracle MySQL	=4.0.3
Oracle MySQL	=4.0.5a
Symantec Veritas NetBackup	=3.4
Symantec Veritas NetBackup	=4.5
Symantec Veritas NetBackup	=4.5_fp1
Symantec Veritas NetBackup	=4.5_fp2
Symantec Veritas NetBackup	=4.5_fp3
Symantec Veritas NetBackup	=4.5_mp1
Symantec Veritas NetBackup	=4.5_mp2
Symantec Veritas NetBackup	=4.5_mp3
Symantec Veritas NetBackup	=4.5
Symantec Veritas NetBackup	=4.5_fp1
Symantec Veritas NetBackup	=4.5_fp2
Symantec Veritas NetBackup	=4.5_fp3
Symantec Veritas NetBackup	=4.5_mp1
Symantec Veritas NetBackup	=4.5_mp2
Symantec Veritas NetBackup	=4.5_mp3

Remedy

http://www.linuxsecurity.com/advisories/engarde_advisory-2660.html

Remedy

http://www.securityfocus.com/bid/6373

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2002-1374?
CVE-2002-1374 is considered to be a high severity vulnerability due to the potential for unauthorized access.
How do I fix CVE-2002-1374?
To fix CVE-2002-1374, upgrade your MySQL version to 3.23.54 or later, or 4.0.6 or later.
What systems are affected by CVE-2002-1374?
CVE-2002-1374 affects MySQL versions 3.x prior to 3.23.54 and 4.x prior to 4.0.6.
Can CVE-2002-1374 be exploited remotely?
Yes, CVE-2002-1374 can be exploited remotely using a brute force attack with a one-character password.
What is the impact of CVE-2002-1374?
The impact of CVE-2002-1374 is that it allows remote attackers to gain privileges on the affected MySQL server.

agent/references
agent/type
agent/first-publish-date
agent/remedy
collector/mitre-cve
source/MITRE
agent/severity
agent/weakness
agent/last-modified-date
agent/author
agent/description
agent/event
agent/source
agent/softwarecombine
agent/tags
collector/nvd-index
agent/software-canonical-lookup-request
collector/nvd-historical
vendor/oracle
canonical/oracle mysql
version/oracle mysql/3.22.26
version/oracle mysql/3.22.27
version/oracle mysql/3.22.28
version/oracle mysql/3.22.29
version/oracle mysql/3.22.30
version/oracle mysql/3.22.32
version/oracle mysql/3.23.2
version/oracle mysql/3.23.3
version/oracle mysql/3.23.4
version/oracle mysql/3.23.5
version/oracle mysql/3.23.8
version/oracle mysql/3.23.9
version/oracle mysql/3.23.10
version/oracle mysql/3.23.23
version/oracle mysql/3.23.24
version/oracle mysql/3.23.25
version/oracle mysql/3.23.26
version/oracle mysql/3.23.27
version/oracle mysql/3.23.28
version/oracle mysql/3.23.29
version/oracle mysql/3.23.30
version/oracle mysql/3.23.31
version/oracle mysql/3.23.34
version/oracle mysql/3.23.36
version/oracle mysql/3.23.37
version/oracle mysql/3.23.38
version/oracle mysql/3.23.39
version/oracle mysql/3.23.40
version/oracle mysql/3.23.41
version/oracle mysql/3.23.42
version/oracle mysql/3.23.43
version/oracle mysql/3.23.44
version/oracle mysql/3.23.45
version/oracle mysql/3.23.46
version/oracle mysql/3.23.47
version/oracle mysql/3.23.48
version/oracle mysql/3.23.49
version/oracle mysql/3.23.50
version/oracle mysql/3.23.51
version/oracle mysql/3.23.52
version/oracle mysql/3.23.53
version/oracle mysql/3.23.53a
version/oracle mysql/4.0.0
version/oracle mysql/4.0.1
version/oracle mysql/4.0.2
version/oracle mysql/4.0.3
version/oracle mysql/4.0.5a
vendor/symantec veritas
canonical/symantec veritas netbackup
version/symantec veritas netbackup/3.4
version/symantec veritas netbackup/4.5
version/symantec veritas netbackup/4.5_fp1
version/symantec veritas netbackup/4.5_fp2
version/symantec veritas netbackup/4.5_fp3
version/symantec veritas netbackup/4.5_mp1
version/symantec veritas netbackup/4.5_mp2
version/symantec veritas netbackup/4.5_mp3

CVE-2002-1374

Remedy

Remedy

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2002-1374?

How do I fix CVE-2002-1374?

What systems are affected by CVE-2002-1374?

Can CVE-2002-1374 be exploited remotely?

What is the impact of CVE-2002-1374?

Company

Resources

Contact