Bug 203432

Summary: CVE-2006-4227 mysql improper suid argument evaluation
Product: [Fedora] Fedora
Reporter: Josh Bressers <bressers>
Component: mysql
Assignee: Tom Lane <tgl>
Status: CLOSED CURRENTRELEASE
QA Contact: David Lawrence <dkl>
Severity: medium
Priority: medium
Version: 5
CC: byte, hhorak
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard: reported=20060818,source=cve,public=20060329,impact=moderate
Fixed In Version: 5.0.27-1.fc5
Doc Type: Bug Fix
Last Closed: 2006-11-28 02:26:35 UTC

Description Josh Bressers 2006-08-21 20:57:07 UTC
MySQL improperly evaluates the argument passed to suid in the context of the
routine's definer, not in the context of the caller.  This could possibly lead
to privilege escalation.

The upstream bug has more information:
http://bugs.mysql.com/bug.php?id=18630