CVE - CVE-2007-2692

CVE-ID
CVE-2007-2692	Learn more at National Vulnerability Database (NVD) • Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings
Description
The mysql_change_db function in MySQL 5.0.x before 5.0.40 and 5.1.x before 5.1.18 does not restore THD::db_access privileges when returning from SQL SECURITY INVOKER stored routines, which allows remote authenticated users to gain privileges.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
BUGTRAQ:20070717 rPSA-2007-0143-1 mysql mysql-bench mysql-server URL:http://www.securityfocus.com/archive/1/archive/1/473874/100/0/threaded MLIST:[announce] 20070712 MySQL Community Server 5.0.45 has been released! URL:http://lists.mysql.com/announce/470 MISC:http://bugs.mysql.com/bug.php?id=27337 CONFIRM:https://issues.rpath.com/browse/RPL-1536 CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-18.html DEBIAN:DSA-1413 URL:http://www.debian.org/security/2007/dsa-1413 MANDRIVA:MDVSA-2008:028 URL:http://www.mandriva.com/security/advisories?name=MDVSA-2008:028 REDHAT:RHSA-2007:0894 URL:http://www.redhat.com/support/errata/RHSA-2007-0894.html REDHAT:RHSA-2008:0364 URL:http://www.redhat.com/support/errata/RHSA-2008-0364.html SUSE:SUSE-SR:2008:003 URL:http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00003.html UBUNTU:USN-588-1 URL:http://www.ubuntu.com/usn/usn-588-1 BID:24011 URL:http://www.securityfocus.com/bid/24011 OSVDB:34765 URL:http://osvdb.org/34765 OVAL:oval:org.mitre.oval:def:9166 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9166 SECUNIA:30351 URL:http://secunia.com/advisories/30351 VUPEN:ADV-2007-1804 URL:http://www.vupen.com/english/advisories/2007/1804 SECTRACK:1018070 URL:http://www.securitytracker.com/id?1018070 SECUNIA:25301 URL:http://secunia.com/advisories/25301 SECUNIA:26073 URL:http://secunia.com/advisories/26073 SECUNIA:26430 URL:http://secunia.com/advisories/26430 SECUNIA:27823 URL:http://secunia.com/advisories/27823 SECUNIA:28637 URL:http://secunia.com/advisories/28637 SECUNIA:28838 URL:http://secunia.com/advisories/28838 SECUNIA:29443 URL:http://secunia.com/advisories/29443 XF:mysql-changedb-privilege-escalation(34348) URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/34348
Assigning CNA
N/A
Date Entry Created
20070515	Disclaimer: The entry creation date may reflect when the CVE-ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20070515)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an entry on the CVE list, which standardizes names for security problems.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: cve@mitre.org