Bug 420231 - (CVE-2007-6303) CVE-2007-6303 mysql: DEFINER value of view not altered on ALTER VIEW
CVE-2007-6303 mysql: DEFINER value of view not altered on ALTER VIEW
Status: CLOSED ERRATA
Product: Security Response
Classification: Other
Component: vulnerability (Show other bugs)
unspecified
All Linux
low Severity low
: ---
: ---
Assigned To: Red Hat Product Security
http://nvd.nist.gov/nvd.cfm?cvename=C...
source=cve,reported=20071210,public=2...
: Security
Depends On: 422161 422171 422211 424921 424931
Blocks:
  Show dependency treegraph
 
Reported: 2007-12-11 12:56 EST by Tomas Hoger
Modified: 2007-12-19 11:36 EST (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2007-12-19 11:36:35 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Tomas Hoger 2007-12-11 12:56:51 EST
Common Vulnerabilities and Exposures assigned an identifier CVE-2007-6303 to the following vulnerability:

MySQL 5.0.x before 5.0.52, 5.1.x before 5.1.23, and 6.0.x before 6.0.4 does not update the DEFINER value of a view when the view is altered, which allows remote authenticated users to gain privileges via a sequence of statements including a CREATE SQL SECURITY DEFINER VIEW statement and an ALTER VIEW statement.

References:

http://bugs.mysql.com/bug.php?id=29908
http://dev.mysql.com/doc/refman/5.0/en/releasenotes-es-5-0-52.html
http://dev.mysql.com/doc/refman/5.1/en/news-5-1-23.html
http://dev.mysql.com/doc/refman/6.0/en/news-6-0-4.html
Comment 3 Tomas Hoger 2007-12-13 03:45:29 EST
This issue did not affect mysql packages as shipped in Red Hat Enterprise Linux
2.1, 3, 4, or 5.

Problem affected mysql as shipped in Red Hat Application Stack v1 and v2 and
Fedora.  Issue was rated as having low security impact and may be addressed in
future mysql updates for affected products. 
Comment 8 Tomas Hoger 2007-12-19 11:36:35 EST
Problem was fixed in all affected supported products:

Red Hat Application Stack:  	
  http://rhn.redhat.com/errata/RHSA-2007-1157.html

Fedora:
  https://admin.fedoraproject.org/updates/F7/FEDORA-2007-4471
  https://admin.fedoraproject.org/updates/F8/FEDORA-2007-4465

Note You need to log in before you can comment on or make changes to this bug.