Red Hat Bugzilla – Bug 420231
CVE-2007-6303 mysql: DEFINER value of view not altered on ALTER VIEW
Last modified: 2007-12-19 11:36:35 EST
Common Vulnerabilities and Exposures assigned an identifier CVE-2007-6303 to the following vulnerability:
MySQL 5.0.x before 5.0.52, 5.1.x before 5.1.23, and 6.0.x before 6.0.4 does not update the DEFINER value of a view when the view is altered, which allows remote authenticated users to gain privileges via a sequence of statements including a CREATE SQL SECURITY DEFINER VIEW statement and an ALTER VIEW statement.
This issue did not affect mysql packages as shipped in Red Hat Enterprise Linux
2.1, 3, 4, or 5.
Problem affected mysql as shipped in Red Hat Application Stack v1 and v2 and
Fedora. Issue was rated as having low security impact and may be addressed in
future mysql updates for affected products.
Problem was fixed in all affected supported products:
Red Hat Application Stack: