Bug #3404 Root account compromised
Submitted: 6 Apr 2004 16:57 Modified: 3 May 2004 12:03
Reporter: Alexander Kirillov Email Updates:
Status: Closed Impact on me:
None 
Category:MySQL Server Severity:S1 (Critical)
Version:4.1, 5.0 OS:FreeBSD (FreeBSD)
Assigned to: Michael Widenius CPU Architecture:Any

[6 Apr 2004 16:57] Alexander Kirillov
Description:
Wrong set of user privileges and security settings in effect after GRANT statement and before FLUSH PRIVILEGES. Actually all security related information is wiped out and not restored till the privileges flushed.
In the meantime you can login to password-protected accounts without any passwords.

How to repeat:
mysql -u root -p
GRANT SHOW DATABASES ON *.* TO `root`@`localhost`;
Use another client to login to root account without password:
mysql -u root
DROP DATABASE `some database`; 
FLUSH PRIVILEGES;
Everything would go back to normal if you wouldn't drop
mysql database in prev step.
[3 May 2004 12:03] Michael Widenius
Thank you for your bug report. This issue has been committed to our
source repository of that product and will be incorporated into the
next release.

If necessary, you can access the source repository and build the latest
available version, including the bugfix, yourself. More information 
about accessing the source trees is available at
    http://www.mysql.com/doc/en/Installing_source_tree.html

Additional info:

Fix will be in 4.1.2
Thanks for reporting this!

Regards,
Monty