Published: 18/08/2006 Updated: 17/12/2019
CVSS v2 Base Score: 6.5 | Impact Score: 6.4 | Exploitability Score: 8
VMScore: 655
Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P

Vulnerability Summary

MySQL prior to 5.0.25 and 5.1 prior to 5.1.12 evaluates arguments of suid routines in the security context of the routine's definer instead of the routine's caller, which allows remote authenticated users to gain privileges through a routine that has been made available using GRANT EXECUTE.

Vulnerable Product Search on Vulmon Subscribe to Product

mysql mysql 5.0.1

mysql mysql 5.0.2

mysql mysql 5.0.3

mysql mysql 5.0.4

mysql mysql 5.0.20

mysql mysql

mysql mysql 5.0.24

mysql mysql 5.1.5

oracle mysql 5.0.0

oracle mysql 5.1.6

oracle mysql 5.1.9

oracle mysql 5.1.10

Vendor Advisories

Dmitri Lenev discovered that arguments of setuid SQL functions were evaluated in the security context of the functions’ definer instead of its caller An authenticated user with the privilege to call such a function could exploit this to execute arbitrary statements with the privileges of the definer of that function (CVE-2006-4227) ...


source: wwwsecurityfocuscom/bid/19559/info MySQL is prone to these vulnerabilities: - A privilege-elevation vulnerability A user with privileges to execute SUID routines may gain elevated privileges by executing certain commands and code with higher privileges - A security-bypass vulnerability A user can bypass restrictions and creat ...