CVE Vulnerabilities

CVE-2007-6303

Published: Dec 10, 2007 | Modified: Dec 17, 2019
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
3.5 LOW
AV:N/AC:M/Au:S/C:N/I:P/A:N
RedHat/V2
RedHat/V3
Ubuntu

MySQL 5.0.x before 5.0.51a, 5.1.x before 5.1.23, and 6.0.x before 6.0.4 does not update the DEFINER value of a view when the view is altered, which allows remote authenticated users to gain privileges via a sequence of statements including a CREATE SQL SECURITY DEFINER VIEW statement and an ALTER VIEW statement.

Affected Software

Name Vendor Start Version End Version
Mysql Mysql 5.0.5 5.0.5
Mysql Mysql 5.0.10 5.0.10
Mysql Mysql 5.0.0 5.0.0
Mysql Mysql 5.0.15 5.0.15
Mysql Mysql 5.0.17 5.0.17
Mysql Mysql 5.0.5.0.21 5.0.5.0.21
Mysql Mysql 5.0.3 5.0.3
Mysql Mysql 5.0.24 5.0.24
Mysql Mysql 5.0.2 5.0.2
Mysql Mysql 5.0.22.1.0.1 5.0.22.1.0.1
Mysql Mysql 5.0.20 5.0.20
Mysql Mysql 5.0.1 5.0.1
Mysql Mysql 5.0.4 5.0.4
Mysql Mysql 5.0.16 5.0.16
Mysql Oracle 6.0.0 6.0.0
Mysql Oracle 6.0.1 6.0.1
Mysql Oracle 6.0.2 6.0.2
Mysql Oracle 6.0.3 6.0.3
Mysql Oracle 5.0.41 5.0.41
Mysql Oracle 5.1.1 5.1.1
Mysql Oracle 5.1.2 5.1.2
Mysql Oracle 5.1.10 5.1.10
Mysql Oracle 5.1.11 5.1.11
Mysql Oracle 5.1.12 5.1.12
Mysql Oracle 5.1.13 5.1.13
Mysql Oracle 5.1.14 5.1.14
Mysql Oracle 5.1.15 5.1.15
Mysql Oracle 5.1.16 5.1.16
Mysql Oracle 5.1.17 5.1.17

References