Common Vulnerabilities and Exposures assigned an identifier CVE-2007-6303 to the following vulnerability: MySQL 5.0.x before 5.0.52, 5.1.x before 5.1.23, and 6.0.x before 6.0.4 does not update the DEFINER value of a view when the view is altered, which allows remote authenticated users to gain privileges via a sequence of statements including a CREATE SQL SECURITY DEFINER VIEW statement and an ALTER VIEW statement. References: http://bugs.mysql.com/bug.php?id=29908 http://dev.mysql.com/doc/refman/5.0/en/releasenotes-es-5-0-52.html http://dev.mysql.com/doc/refman/5.1/en/news-5-1-23.html http://dev.mysql.com/doc/refman/6.0/en/news-6-0-4.html
This issue did not affect mysql packages as shipped in Red Hat Enterprise Linux 2.1, 3, 4, or 5. Problem affected mysql as shipped in Red Hat Application Stack v1 and v2 and Fedora. Issue was rated as having low security impact and may be addressed in future mysql updates for affected products.
Problem was fixed in all affected supported products: Red Hat Application Stack: http://rhn.redhat.com/errata/RHSA-2007-1157.html Fedora: https://admin.fedoraproject.org/updates/F7/FEDORA-2007-4471 https://admin.fedoraproject.org/updates/F8/FEDORA-2007-4465