Bug #3404 Root account compromised
Submitted: 6 Apr 2004 18:57 Modified: 3 May 2004 14:03
Reporter: Alexander Kirillov
Status: Closed
Category:Server Severity:S1 (Critical)
Version:4.1, 5.0 OS:FreeBSD (FreeBSD)
Assigned to: Bugs System Target Version:

[6 Apr 2004 18:57] Alexander Kirillov 
Description:
Wrong set of user privileges and security settings in effect after GRANT statement and
before FLUSH PRIVILEGES. Actually all security related information is wiped out and not
restored till the privileges flushed.
In the meantime you can login to password-protected accounts without any passwords.

How to repeat:
mysql -u root -p
GRANT SHOW DATABASES ON *.* TO `root`@`localhost`;
Use another client to login to root account without password:
mysql -u root
DROP DATABASE `some database`; 
FLUSH PRIVILEGES;
Everything would go back to normal if you wouldn't drop
mysql database in prev step.
[3 May 2004 14:03] Michael Widenius 
Thank you for your bug report. This issue has been committed to our
source repository of that product and will be incorporated into the
next release.

If necessary, you can access the source repository and build the latest
available version, including the bugfix, yourself. More information 
about accessing the source trees is available at
    http://www.mysql.com/doc/en/Installing_source_tree.html

Additional info:

Fix will be in 4.1.2
Thanks for reporting this!

Regards,
Monty