Launchpad.net

CVE 2007-2692

The mysql_change_db function in MySQL 5.0.x before 5.0.40 and 5.1.x before 5.1.18 does not restore THD::db_access privileges when returning from SQL SECURITY INVOKER stored routines, which allows remote authenticated users to gain privileges.

Related bugs and status

CVE-2007-2692 (Candidate) is related to these bugs:

Bug #172260: [mysql] multiple vulnerabilities

		In	Importance	Status
172260	[mysql] multiple vulnerabilities	mysql-dfsg (Ubuntu)	Unknown	Invalid
172260	[mysql] multiple vulnerabilities	mysql-dfsg-5.0 (tuXlab)	Undecided	Invalid
172260	[mysql] multiple vulnerabilities	mysql-dfsg-4.1 (Ubuntu)	Undecided	Invalid
172260	[mysql] multiple vulnerabilities	mysql-dfsg-5.0 (Ubuntu)	Medium	Fix Released
172260	[mysql] multiple vulnerabilities	mysql-dfsg-5.1 (Ubuntu)	Undecided	Invalid
172260	[mysql] multiple vulnerabilities	mysql-dfsg (Ubuntu Dapper)	Undecided	Invalid
172260	[mysql] multiple vulnerabilities	mysql-dfsg-4.1 (Ubuntu Dapper)	Undecided	Invalid
172260	[mysql] multiple vulnerabilities	mysql-dfsg-5.0 (Ubuntu Dapper)	Medium	Fix Released
172260	[mysql] multiple vulnerabilities	mysql-dfsg-5.1 (Ubuntu Dapper)	Undecided	Invalid
172260	[mysql] multiple vulnerabilities	mysql-dfsg (Ubuntu Edgy)	Undecided	Won't Fix
172260	[mysql] multiple vulnerabilities	mysql-dfsg-4.1 (Ubuntu Edgy)	Undecided	Won't Fix
172260	[mysql] multiple vulnerabilities	mysql-dfsg-5.0 (Ubuntu Edgy)	Medium	Fix Released
172260	[mysql] multiple vulnerabilities	mysql-dfsg-5.1 (Ubuntu Edgy)	Undecided	Invalid
172260	[mysql] multiple vulnerabilities	mysql-dfsg (Ubuntu Feisty)	Undecided	Invalid
172260	[mysql] multiple vulnerabilities	mysql-dfsg-4.1 (Ubuntu Feisty)	Undecided	Invalid
172260	[mysql] multiple vulnerabilities	mysql-dfsg-5.0 (Ubuntu Feisty)	Medium	Fix Released
172260	[mysql] multiple vulnerabilities	mysql-dfsg-5.1 (Ubuntu Feisty)	Undecided	Invalid
172260	[mysql] multiple vulnerabilities	mysql-dfsg (Ubuntu Gutsy)	Undecided	Invalid
172260	[mysql] multiple vulnerabilities	mysql-dfsg-4.1 (Ubuntu Gutsy)	Undecided	Invalid
172260	[mysql] multiple vulnerabilities	mysql-dfsg-5.0 (Ubuntu Gutsy)	Medium	Fix Released
172260	[mysql] multiple vulnerabilities	mysql-dfsg-5.1 (Ubuntu Gutsy)	Undecided	Invalid
172260	[mysql] multiple vulnerabilities	mysql-dfsg (Ubuntu Hardy)	Unknown	Invalid
172260	[mysql] multiple vulnerabilities	mysql-dfsg-4.1 (Ubuntu Hardy)	Undecided	Invalid
172260	[mysql] multiple vulnerabilities	mysql-dfsg-5.0 (Ubuntu Hardy)	Medium	Fix Released
172260	[mysql] multiple vulnerabilities	mysql-dfsg-5.1 (Ubuntu Hardy)	Undecided	Invalid

Bug #186978: [mysql] [CVE-2008-0226] [CVE-2008-0227] buffer overflows in YaSSL

		In	Importance	Status
186978	[mysql] [CVE-2008-0226] [CVE-2008-0227] buffer overflows in YaSSL	mysql-dfsg-5.0 (Ubuntu)	Undecided	Fix Released
186978	[mysql] [CVE-2008-0226] [CVE-2008-0227] buffer overflows in YaSSL	mysql-dfsg-5.0 (Ubuntu Edgy)	Undecided	Fix Released
186978	[mysql] [CVE-2008-0226] [CVE-2008-0227] buffer overflows in YaSSL	mysql-dfsg-5.0 (Ubuntu Feisty)	Undecided	Fix Released
186978	[mysql] [CVE-2008-0226] [CVE-2008-0227] buffer overflows in YaSSL	mysql-dfsg-5.0 (Ubuntu Gutsy)	Undecided	Fix Released

Bug #201009: [mysql-dfsg-5.0] fix for several open vulnerabilities in -proposed

		In	Importance	Status
201009	[mysql-dfsg-5.0] fix for several open vulnerabilities in -proposed	mysql-dfsg-5.0 (Ubuntu)	Undecided	Fix Released
201009	[mysql-dfsg-5.0] fix for several open vulnerabilities in -proposed	mysql-dfsg-5.0 (Ubuntu Dapper)	High	Fix Released
201009	[mysql-dfsg-5.0] fix for several open vulnerabilities in -proposed	mysql-dfsg-5.0 (Ubuntu Edgy)	High	Fix Released
201009	[mysql-dfsg-5.0] fix for several open vulnerabilities in -proposed	mysql-dfsg-5.0 (Ubuntu Feisty)	High	Fix Released
201009	[mysql-dfsg-5.0] fix for several open vulnerabilities in -proposed	mysql-dfsg-5.0 (Ubuntu Gutsy)	High	Fix Released

See the

CVE page on Mitre.org for more details.

References

MISC: http://bugs.mysql.com/...
CONFIRM: http://dev.mysql.com/d...
BID: 24011
SECTRACK: 1018070
SECUNIA: 25301
SECUNIA: 26073
REDHAT: RHSA-2007:0894
MLIST: [announce] 20070712 My...
CONFIRM: https://issues.rpath.c...
SECUNIA: 26430
DEBIAN: DSA-1413
SECUNIA: 27823
MANDRIVA: MDVSA-2008:028
SECUNIA: 28637
SUSE: SUSE-SR:2008:003
SECUNIA: 28838
UBUNTU: USN-588-1
SECUNIA: 29443
REDHAT: RHSA-2008:0364
SECUNIA: 30351
VUPEN: ADV-2007-1804
OSVDB: 34765
XF: mysql-changedb-privile...
OVAL: oval:org.mitre.oval:de...
BUGTRAQ: 20070717 rPSA-2007-014...