CVE 2007-6303
MySQL 5.0.x before 5.0.51a, 5.1.x before 5.1.23, and 6.0.x before 6.0.4 does not update the DEFINER value of a view when the view is altered, which allows remote authenticated users to gain privileges via a sequence of statements including a CREATE SQL SECURITY DEFINER VIEW statement and an ALTER VIEW statement.
Related bugs and status
CVE-2007-6303 (Candidate) is related to these bugs:
Bug #172260: [mysql] multiple vulnerabilities
Summary | In | Importance | Status | |||
---|---|---|---|---|---|---|
172260 | [mysql] multiple vulnerabilities | mysql-dfsg (Ubuntu) | Unknown | Invalid | ||
172260 | [mysql] multiple vulnerabilities | mysql-dfsg-5.0 (tuXlab) | Undecided | Invalid | ||
172260 | [mysql] multiple vulnerabilities | mysql-dfsg-4.1 (Ubuntu) | Undecided | Invalid | ||
172260 | [mysql] multiple vulnerabilities | mysql-dfsg-5.0 (Ubuntu) | Medium | Fix Released | ||
172260 | [mysql] multiple vulnerabilities | mysql-dfsg-5.1 (Ubuntu) | Undecided | Invalid | ||
172260 | [mysql] multiple vulnerabilities | mysql-dfsg (Ubuntu Dapper) | Undecided | Invalid | ||
172260 | [mysql] multiple vulnerabilities | mysql-dfsg-4.1 (Ubuntu Dapper) | Undecided | Invalid | ||
172260 | [mysql] multiple vulnerabilities | mysql-dfsg-5.0 (Ubuntu Dapper) | Medium | Fix Released | ||
172260 | [mysql] multiple vulnerabilities | mysql-dfsg-5.1 (Ubuntu Dapper) | Undecided | Invalid | ||
172260 | [mysql] multiple vulnerabilities | mysql-dfsg (Ubuntu Edgy) | Undecided | Won't Fix | ||
172260 | [mysql] multiple vulnerabilities | mysql-dfsg-4.1 (Ubuntu Edgy) | Undecided | Won't Fix | ||
172260 | [mysql] multiple vulnerabilities | mysql-dfsg-5.0 (Ubuntu Edgy) | Medium | Fix Released | ||
172260 | [mysql] multiple vulnerabilities | mysql-dfsg-5.1 (Ubuntu Edgy) | Undecided | Invalid | ||
172260 | [mysql] multiple vulnerabilities | mysql-dfsg (Ubuntu Feisty) | Undecided | Invalid | ||
172260 | [mysql] multiple vulnerabilities | mysql-dfsg-4.1 (Ubuntu Feisty) | Undecided | Invalid | ||
172260 | [mysql] multiple vulnerabilities | mysql-dfsg-5.0 (Ubuntu Feisty) | Medium | Fix Released | ||
172260 | [mysql] multiple vulnerabilities | mysql-dfsg-5.1 (Ubuntu Feisty) | Undecided | Invalid | ||
172260 | [mysql] multiple vulnerabilities | mysql-dfsg (Ubuntu Gutsy) | Undecided | Invalid | ||
172260 | [mysql] multiple vulnerabilities | mysql-dfsg-4.1 (Ubuntu Gutsy) | Undecided | Invalid | ||
172260 | [mysql] multiple vulnerabilities | mysql-dfsg-5.0 (Ubuntu Gutsy) | Medium | Fix Released | ||
172260 | [mysql] multiple vulnerabilities | mysql-dfsg-5.1 (Ubuntu Gutsy) | Undecided | Invalid | ||
172260 | [mysql] multiple vulnerabilities | mysql-dfsg (Ubuntu Hardy) | Unknown | Invalid | ||
172260 | [mysql] multiple vulnerabilities | mysql-dfsg-4.1 (Ubuntu Hardy) | Undecided | Invalid | ||
172260 | [mysql] multiple vulnerabilities | mysql-dfsg-5.0 (Ubuntu Hardy) | Medium | Fix Released | ||
172260 | [mysql] multiple vulnerabilities | mysql-dfsg-5.1 (Ubuntu Hardy) | Undecided | Invalid |
Bug #185039: [mysql] [CVE-2007-6303] remote privilege escalation
Summary | In | Importance | Status | |||
---|---|---|---|---|---|---|
185039 | [mysql] [CVE-2007-6303] remote privilege escalation | mysql-dfsg-5.0 (Ubuntu) | Undecided | Fix Released |
Bug #186978: [mysql] [CVE-2008-0226] [CVE-2008-0227] buffer overflows in YaSSL
Summary | In | Importance | Status | |||
---|---|---|---|---|---|---|
186978 | [mysql] [CVE-2008-0226] [CVE-2008-0227] buffer overflows in YaSSL | mysql-dfsg-5.0 (Ubuntu) | Undecided | Fix Released | ||
186978 | [mysql] [CVE-2008-0226] [CVE-2008-0227] buffer overflows in YaSSL | mysql-dfsg-5.0 (Ubuntu Edgy) | Undecided | Fix Released | ||
186978 | [mysql] [CVE-2008-0226] [CVE-2008-0227] buffer overflows in YaSSL | mysql-dfsg-5.0 (Ubuntu Feisty) | Undecided | Fix Released | ||
186978 | [mysql] [CVE-2008-0226] [CVE-2008-0227] buffer overflows in YaSSL | mysql-dfsg-5.0 (Ubuntu Gutsy) | Undecided | Fix Released |
Bug #201009: [mysql-dfsg-5.0] fix for several open vulnerabilities in -proposed
Summary | In | Importance | Status | |||
---|---|---|---|---|---|---|
201009 | [mysql-dfsg-5.0] fix for several open vulnerabilities in -proposed | mysql-dfsg-5.0 (Ubuntu) | Undecided | Fix Released | ||
201009 | [mysql-dfsg-5.0] fix for several open vulnerabilities in -proposed | mysql-dfsg-5.0 (Ubuntu Dapper) | High | Fix Released | ||
201009 | [mysql-dfsg-5.0] fix for several open vulnerabilities in -proposed | mysql-dfsg-5.0 (Ubuntu Edgy) | High | Fix Released | ||
201009 | [mysql-dfsg-5.0] fix for several open vulnerabilities in -proposed | mysql-dfsg-5.0 (Ubuntu Feisty) | High | Fix Released | ||
201009 | [mysql-dfsg-5.0] fix for several open vulnerabilities in -proposed | mysql-dfsg-5.0 (Ubuntu Gutsy) | High | Fix Released |
See the
CVE page on Mitre.org
for more details.