Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 3.5
CVE Id CVE-2007-6303
Last Modified 01 Sep 2011 12:00:00
Published 10 Dec 2007 04:46:00
Confidentiality Impact NONE
Integrity Impact PARTIAL
Availability Impact NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication SINGLE_INSTANCE

CVE-2007-6303

Summary

MySQL 5.0.x before 5.0.51a, 5.1.x before 5.1.23, and 6.0.x before 6.0.4 does not update the DEFINER value of a view when the view is altered, which allows remote authenticated users to gain privileges via a sequence of statements including a CREATE SQL SECURITY DEFINER VIEW statement and an ALTER VIEW statement.

Vulnerable Systems

Application

  • Mysql 5.0

  • Mysql 5.0.0

  • Mysql 5.0.0.0

  • Mysql 5.0.1

  • Mysql 5.0.10

  • Mysql 5.0.10a

  • Mysql 5.0.11

  • Mysql 5.0.12

  • Mysql 5.0.13

  • Mysql 5.0.14

  • Mysql 5.0.15

  • Mysql 5.0.15a

  • Mysql 5.0.16

  • Mysql 5.0.16a

  • Mysql 5.0.17

  • Mysql 5.0.17a

  • Mysql 5.0.18

  • Mysql 5.0.19

  • Mysql 5.0.1a

  • Mysql 5.0.2

  • Mysql 5.0.20

  • Mysql 5.0.20a

  • Mysql 5.0.21

  • Mysql 5.0.22

  • Mysql 5.0.22.1.0.1

  • Mysql 5.0.24

  • Mysql 5.0.27

  • Mysql 5.0.3

  • Mysql 5.0.33

  • Mysql 5.0.37

  • Mysql 5.0.3a

  • Mysql 5.0.4

  • Mysql 5.0.41

  • Mysql 5.0.4a

  • Mysql 5.0.5

  • Mysql 5.0.5.0.21

  • Mysql 5.0.6

  • Mysql 5.0.7

  • Mysql 5.0.8

  • Mysql 5.0.9

  • Mysql 5.1.1

  • Mysql 5.1.10

  • Mysql 5.1.11

  • Mysql 5.1.12

  • Mysql 5.1.13

  • Mysql 5.1.14

  • Mysql 5.1.15

  • Mysql 5.1.16

  • Mysql 5.1.17

  • Mysql 5.1.2

  • Mysql 6.0.0

  • Mysql 6.0.1

  • Mysql 6.0.2

  • Mysql 6.0.3


References

FEDORA - FEDORA-2007-4471

FEDORA - FEDORA-2007-4465

CONFIRM - https://issues.rpath.com/browse/RPL-2187

XF - mysql-definer-value-privilege-escalation(38989)

VUPEN - ADV-2007-4198

UBUNTU - USN-588-1

BID - 26832

BUGTRAQ - 20080205 rPSA-2008-0040-1 mysql mysql-bench mysql-server

REDHAT - RHSA-2007:1157

MANDRIVA - MDVSA-2008:017

CONFIRM - http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0040

SECTRACK - 1019085

GENTOO - GLSA-200804-04

SECUNIA - 29706

SECUNIA - 29443

SECUNIA - 28838

SECUNIA - 28739

SECUNIA - 28063

SECUNIA - 28025

SUSE - SUSE-SR:2008:003

CONFIRM - http://lists.mysql.com/announce/502

CONFIRM - http://dev.mysql.com/doc/refman/6.0/en/news-6-0-4.html

CONFIRM - http://dev.mysql.com/doc/refman/5.1/en/news-5-1-23.html

CONFIRM - http://dev.mysql.com/doc/refman/5.0/en/releasenotes-es-5-0-52.html

CONFIRM - http://bugs.mysql.com/bug.php?id=29908

Related Patches

Novell SUSE 2008:4879 mysql security update for SLE 10 SP1 i586


Last Updated: 27 May 2016 10:46:26