MySQL before 5.0.25 and 5.1 before 5.1.12 evaluates arguments of suid routines in the security context of the routine's definer instead of the routine's caller, which allows remote authenticated users to gain privileges through a routine that has been made available using GRANT EXECUTE.
References
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 00:15
Type | Values Removed | Values Added |
---|---|---|
References | () http://bugs.mysql.com/bug.php?id=18630 - Exploit | |
References | () http://dev.mysql.com/doc/refman/5.0/en/news-5-0-25.html - | |
References | () http://lists.mysql.com/commits/7918 - | |
References | () http://secunia.com/advisories/21506 - Vendor Advisory | |
References | () http://secunia.com/advisories/21770 - Vendor Advisory | |
References | () http://secunia.com/advisories/22080 - Vendor Advisory | |
References | () http://secunia.com/advisories/30351 - Vendor Advisory | |
References | () http://securitytracker.com/id?1016709 - | |
References | () http://www.novell.com/linux/security/advisories/2006_23_sr.html - | |
References | () http://www.redhat.com/support/errata/RHSA-2007-0083.html - Vendor Advisory | |
References | () http://www.redhat.com/support/errata/RHSA-2008-0364.html - Vendor Advisory | |
References | () http://www.securityfocus.com/bid/19559 - Exploit | |
References | () http://www.ubuntu.com/usn/usn-338-1 - | |
References | () http://www.vupen.com/english/advisories/2006/3306 - Vendor Advisory | |
References | () https://exchange.xforce.ibmcloud.com/vulnerabilities/28442 - | |
References | () https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10105 - |
Information
Published : 2006-08-18 20:04
Updated : 2024-11-21 00:15
NVD link : CVE-2006-4227
Mitre link : CVE-2006-4227
CVE.ORG link : CVE-2006-4227
JSON object : View
Products Affected
mysql
- mysql
oracle
- mysql
CWE
CWE-20
Improper Input Validation