Red Hat Bugzilla – Bug 241689
CVE-2007-2692 mysql SECURITY INVOKER functions do not drop privileges
Last modified: 2009-10-23 15:05:40 EDT
Description of problem:
Functions declared as SECURITY INVOKER do not drop privileges upon
return and thus make it possible for an authenticated user calling
then can gain certain privileges.
Version-Release number of selected component (if applicable):
MySQL 5.0.x before 5.0.40 and 5.1.x before 5.1.18
This issue was addressed in:
Red Hat Application Stack:
Red Hat Enterprise Linux:
Reporter changed to email@example.com by request of Jay Turner.