Your submission was sent successfully! Close

CVE-2007-2692

Published: 16 May 2007

The mysql_change_db function in MySQL 5.0.x before 5.0.40 and 5.1.x before 5.1.18 does not restore THD::db_access privileges when returning from SQL SECURITY INVOKER stored routines, which allows remote authenticated users to gain privileges.

Notes

AuthorNote
jdstrand
very large complicated patch that requires many changes to the
source and does not apply cleanly at all to feisty's 5.0.38, let alone
to edgy and dapper. Trying to backport this fix would more than likely cause
larger problems than not fixing it.  Currently discussing a one-time
MicroVersionUpdate option.  May have to "wont-fix" and give an updated
pacakge in -backports.
per pitti et al, too many changes for a MicroVersionUpdate
patch now in etch (5.0.32-7etch3), but causes several test cases to
fail on dapper through feisty (TODO: test etch)
etch patch left out both the test cases and patch to sql/sql_db.cc.
If add the test cases then etch fails
Priority

Medium

Status

Package Release Status
mysql-dfsg-5.0
Launchpad, Ubuntu, Debian
dapper
Released (5.0.22-0ubuntu6.06.8)
edgy
Released (5.0.24a-9ubuntu2.4)
feisty
Released (5.0.38-0ubuntu1.4)
gutsy
Released (5.0.45-1ubuntu2)
upstream
Released (5.0.40)