FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2006-4227

This CVE name corresponds to:

Entered Topic
2006-10-29 mysql -- database suid privilege escalation

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

CVE-2006-4227 at cve.mitre.org

Details

Type Candidate
Name CVE-2006-4227
Phase Assigned(20060818)

Description

MySQL before 5.0.25 and 5.1 before 5.1.12 evaluates arguments of suid routines in the security context of the routine's definer instead of the routine's caller, which allows remote authenticated users to gain privileges through a routine that has been made available using GRANT EXECUTE.

References

Source Reference
MLIST [commits] 20060620 bk commit into 5.0 tree (kroki:1.2168) BUG#18630
CONFIRM http://bugs.mysql.com/bug.php?id=18630
CONFIRM http://dev.mysql.com/doc/refman/5.0/en/news-5-0-25.html
REDHAT RHSA-2007:0083
REDHAT RHSA-2008:0364
SUSE SUSE-SR:2006:023
UBUNTU USN-338-1
BID 19559
OVAL oval:org.mitre.oval:def:10105
SECUNIA 30351
VUPEN ADV-2006-3306
SECTRACK 1016709
SECUNIA 21506
SECUNIA 21770
SECUNIA 22080
XF mysql-grant-execute-privilege-escalation(28442)

Copyright © 2005 The MITRE Corporation.

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.