6.5
CVE-2006-4227
- EPSS 11.76%
- Veröffentlicht 18.08.2006 20:04:00
- Zuletzt bearbeitet 16.06.2026 22:28:40
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
MySQL before 5.0.25 and 5.1 before 5.1.12 evaluates arguments of suid routines in the security context of the routine's definer instead of the routine's caller, which allows remote authenticated users to gain privileges through a routine that has been made available using GRANT EXECUTE.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 11.76% | 0.955 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 6.5 | 8 | 6.4 |
AV:N/AC:L/Au:S/C:P/I:P/A:P
|
CWE-20 Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
http://secunia.com/advisories/22080
http://www.novell.com/linux/security/advisories/2006_23_sr.html
http://secunia.com/advisories/30351
http://www.redhat.com/support/errata/RHSA-2007-0083.html
http://www.redhat.com/support/errata/RHSA-2008-0364.html
http://secunia.com/advisories/21770
http://www.ubuntu.com/usn/usn-338-1
http://dev.mysql.com/doc/refman/5.0/en/news-5-0-25.html
http://secunia.com/advisories/21506
http://www.securityfocus.com/bid/19559
http://www.vupen.com/english/advisories/2006/3306
http://bugs.mysql.com/bug.php?id=18630
http://lists.mysql.com/commits/7918
http://securitytracker.com/id?1016709
https://exchange.xforce.ibmcloud.com/vulnerabilities/28442
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10105