PT-2007-7172 · Oracle · Mysql Server

Publicado

2007-12-10

Atualizado

2024-06-15

CVE-2007-6303

CVSS v2.0

3.5

Baixa

Vetor

AV:N/AC:M/Au:S/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions MySQL versions 5.0.x through 5.0.50, 5.1.x through 5.1.22, and 6.0.x through 6.0.3

Description The issue allows remote authenticated users to gain privileges by exploiting a sequence of statements, including a CREATE SQL SECURITY DEFINER VIEW statement and an ALTER VIEW statement, due to the failure of updating the DEFINER value of a view when it is altered.

Recommendations For MySQL versions 5.0.x through 5.0.50, update to version 5.0.51a or later. For MySQL versions 5.1.x through 5.1.22, update to version 5.1.23 or later. For MySQL versions 6.0.x through 6.0.3, update to version 6.0.4 or later.

Exploit

Correção

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Identificadores relacionados

CVE-2007-6303

OPENSUSE-SU-2024:11038-1

RHSA-2007:1157

SUSE-RU-2023:3956-1

SUSE-RU-2023:4991-1

Produtos afetados

Mysql Server

PT-2007-7172 · Oracle · Mysql Server

CVE-2007-6303

Identificadores relacionados

Produtos afetados

Referências · 450