FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

mysql -- database suid privilege escalation

Affected packages
5.1 <= mysql-server < 5.1.12
5.0 <= mysql-server < 5.0.25

Details

VuXML ID a9c51caf-6603-11db-ab90-000e35fd8194
Discovery 2006-03-29
Entry 2006-10-29
Modified 2006-10-30

Dmitri Lenev reports a privilege escalation in MySQL. MySQL evaluates arguments of suid routines in the security context of the routine's definer instead of the routine's caller, which allows remote and local authenticated users to gain privileges through a routine that has been made available using GRANT EXECUTE.

References

CVE Name CVE-2006-4227
URL http://bugs.mysql.com/bug.php?id=18630

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.