MySQL privilege escalation v1.13 Vulnerability exploited: CAN-2002-1374 - BID-6373 Category: Exploits/Tools Upgrades privileges on an MySQL server from a user account to an administrator account. A vulnerability exists where when changing users on a MySQL server, the authentication information is only verified to the length supplied by the client.This means that it is possible to supply a single character of authentication information and make multiple guesses until the authentication succeeds.This module attempts to upgrade a given user account to the 'root' account then downloads all of the password hashes from the MySQL.user table. Supported Systems: Debian Linux 2.2 (i386) Debian Linux 3 (i386) RedHat Linux 6.2 (i386) RedHat Linux 7 (i386) RedHat Linux 7.1 (i386) RedHat Linux 7.2 (i386) SuSE Linux 7.1 (i386) SuSE Linux 7.2 (i386) Mandrake Linux 7.1 (i386) MySQL 3.23 This module is included in the latest version of CORE IMPACT, the first automated comprehensive penetration testing product for accurately identifying information security risks. Click here to learn more about the product.