MySQL Error in Checking suid Routine Arguments May Let Users Gain Elevated Privileges
|
|
SecurityTracker Alert ID: 1016709
|
|
SecurityTracker URL: http://securitytracker.com/id?1016709
|
|
CVE Reference: CVE-2006-4227
(Links to External Site)
|
Updated: Jun 5 2008
|
Original Entry Date: Aug 17 2006
|
Impact: Disclosure of user information, Execution of arbitrary code via network, Modification of user information
|
Fix Available: Yes
Vendor Confirmed: Yes
|
Version(s): prior to 5.0.25
|
Description: A vulnerability was reported in MySQL. A remote authenticated user may be able to execute routines with elevated privileges.
When an authenticated user is granted access to a stored routine via the GRANT EXECUTE command, the user may be able to execute the
routine with the privileges of the user that originally defined the routine.
Dmitri Lenev reported this vulnerability.
|
Impact: A remote authenticated user may be able to execute routines with the privileges of another user.
|
Solution: The vendor has issued a fix. The fix is planned for inclusion in upcoming version 5.0.25.
The MySQL advisory is available at:
http://dev.mysql.com/doc/refman/5.0/en/news-5-0-25.html
|
Vendor URL: dev.mysql.com/doc/refman/5.0/en/news-5-0-25.html (Links to External Site)
|
Cause: Access control error
|
Underlying OS: Linux (Any), UNIX (Any), Windows (Any)
|
|
Message History:
None.
|
Source Message Contents
|
Date: Thu, 17 Aug 2006 16:27:44 -0400
Subject: MySQL, Changes in release 5.0.25 (Not yet released)
|
http://dev.mysql.com/doc/refman/5.0/en/news-5-0-25.html
#
Security fix: On Linux, and possibly other platforms using case-sensitive filesystems,
it was possible for a user granted rights on a database to create or access a database
whose name differed only from that of the first by the case of one or more letters.
(Bug#17647)
#
Security fix: A stored routine created by one user and then made accessible to a
different user using GRANT EXECUTE could be executed by that user with the privileges
of the routine's definer. (Bug#18630)
|
|
