PT-2007-7172 · Oracle · Mysql Server

Published

2007-12-10

Updated

2024-06-15

CVE-2007-6303

CVSS v2.0

3.5

Low

Vector

AV:N/AC:M/Au:S/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions MySQL versions 5.0.x through 5.0.50, 5.1.x through 5.1.22, and 6.0.x through 6.0.3

Description The issue allows remote authenticated users to gain privileges by exploiting a sequence of statements, including a CREATE SQL SECURITY DEFINER VIEW statement and an ALTER VIEW statement, due to the failure of updating the DEFINER value of a view when it is altered.

Recommendations For MySQL versions 5.0.x through 5.0.50, update to version 5.0.51a or later. For MySQL versions 5.1.x through 5.1.22, update to version 5.1.23 or later. For MySQL versions 6.0.x through 6.0.3, update to version 6.0.4 or later.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2007-6303

OPENSUSE-SU-2024:11038-1

RHSA-2007:1157

SUSE-RU-2023:3956-1

SUSE-RU-2023:4991-1

Affected Products

Mysql Server

PT-2007-7172 · Oracle · Mysql Server

CVE-2007-6303

Related Identifiers

Affected Products

References · 450