|
|
CVE Reference: CVE-2006-4227 |
|
| NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE. | |
|
Original Page at CVE MITRE: CVE-2006-4227 |
|
|
Description: MySQL before 5.0.25 and 5.1 before 5.1.12 evaluates arguments of suid routines in the security context of the routine's definer instead of the routine's caller, which allows remote authenticated users to gain privileges through a routine that has been made available using GRANT EXECUTE. |
|
|
CVE Status: Candidate |
|
|
References: XF http://xforce.iss.net/xforce/xfdb/28442 UBUNTU http://www.ubuntu.com/usn/usn-338-1 SUSE http://www.novell.com/linux/security/advisories/2006_23_sr.html ST 1016709 SAID Secunia Advisory: SA22080 Secunia Advisory: SA21770 Secunia Advisory: SA21506 Secunia Advisory: SA30351 REDHAT http://www.redhat.com/support/errata/RHSA-2008-0364.html http://www.redhat.com/support/errata/RHSA-2007-0083.html OVAL http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10105 MLIST http://lists.mysql.com/commits/7918 CONFIRM http://dev.mysql.com/doc/refman/5.0/en/news-5-0-25.html http://bugs.mysql.com/bug.php?id=18630 BID 19559 |
|
| Return to the previous page. |
