CVE-2006-4227 Information
Description
MySQL before 5.0.25 and 5.1 before 5.1.12 evaluates arguments of suid routines in the security context of the routine’s definer instead of the routine’s caller, which allows remote authenticated users to gain privileges through a routine that has been made available using GRANT EXECUTE.
Reference
http://bugs.mysql.com/bug.php?id=18630
http://dev.mysql.com/doc/refman/5.0/en/news-5-0-25.html
http://lists.mysql.com/commits/7918
http://secunia.com/advisories/21506
http://secunia.com/advisories/21770
http://secunia.com/advisories/22080
http://secunia.com/advisories/30351
http://securitytracker.com/id?1016709
http://www.novell.com/linux/security/advisories/2006_23_sr.html
http://www.redhat.com/support/errata/RHSA-2007-0083.html
http://www.redhat.com/support/errata/RHSA-2008-0364.html
http://www.securityfocus.com/bid/19559
http://www.ubuntu.com/usn/usn-338-1
http://www.vupen.com/english/advisories/2006/3306
https://exchange.xforce.ibmcloud.com/vulnerabilities/28442
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10105