Bug 203434

Summary: CVE-2006-4227 mysql improper suid argument evaluation
Product: [Fedora] Fedora
Reporter: Josh Bressers <bressers>
Component: mysql
Assignee: Tom Lane <tgl>
Status: CLOSED CURRENTRELEASE
QA Contact: David Lawrence <dkl>
Severity: medium
Priority: medium
Version: 6
CC: byte, hhorak
Hardware: All   
OS: Linux   
Whiteboard: reported=20060818,source=cve,public=20060329,impact=moderate
Fixed In Version: 5.0.27-1.fc6
Doc Type: Bug Fix
Last Closed: 2006-11-28 02:21:01 UTC

Description Josh Bressers 2006-08-21 20:58:48 UTC
+++ This bug was initially created as a clone of Bug #203432 +++

MySQL improperly evaluates the argument passed to suid in the context of the
routine's definer, not in the context of the caller.  This could possibly lead
to privilege escalation.

The upstream bug has more information:
http://bugs.mysql.com/bug.php?id=18630

Comment 1 Mark J. Cox 2006-09-15 09:04:12 UTC
still needed

Comment 2 Mark J. Cox 2006-09-25 10:21:25 UTC
CVE-2006-4227 VULNERABLE (mysql, fixed 5.0.25,5.1.12) bz#203434
marking as FC6Blocker