Bug 216427 (CVE-2006-4227)

Summary: CVE-2006-4227 mysql improper suid argument evaluation
Product: [Other] Security Response
Component: vulnerability
Reporter: Mark J. Cox <mjc>
Assignee: Tom Lane <tgl>
QA Contact: David Lawrence <dkl>
CC: hhorak
Status: CLOSED ERRATA
Severity: medium
Priority: medium
Version: unspecified
Hardware: All
OS: Linux
Doc Type: Bug Fix
Last Closed: 2008-07-25 08:14:16 UTC

Description Mark J. Cox 2006-11-20 12:13:02 UTC
+++ This bug was initially created as a clone of Bug #203432 +++

MySQL improperly evaluates the argument passed to suid in the context of the
routine's definer, not in the context of the caller.  This could possibly lead
to privilege escalation.

The upstream bug has more information:
http://bugs.mysql.com/bug.php?id=18630

Comment 2 Red Hat Product Security 2008-07-25 08:14:16 UTC
This issue was addressed in:

Red Hat Application Stack:
  http://rhn.redhat.com/errata/RHSA-2007-0083.html

Red Hat Enterprise Linux:
  http://rhn.redhat.com/errata/RHSA-2008-0364.html