6

CVE-2007-2692

The mysql_change_db function in MySQL 5.0.x before 5.0.40 and 5.1.x before 5.1.18 does not restore THD::db_access privileges when returning from SQL SECURITY INVOKER stored routines, which allows remote authenticated users to gain privileges.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
MysqlMysql Version5.0.0
MysqlMysql Version5.0.1
MysqlMysql Version5.0.2
MysqlMysql Version5.0.3
MysqlMysql Version5.0.4
MysqlMysql Version5.0.5
MysqlMysql Version5.0.5.0.21
MysqlMysql Version5.0.10
MysqlMysql Version5.0.15
MysqlMysql Version5.0.16
MysqlMysql Version5.0.17
MysqlMysql Version5.0.20
MysqlMysql Version5.0.22.1.0.1
MysqlMysql Version5.0.24
MysqlMysql Version5.1.5
OracleMysql Version5.0.0 Updatealpha
OracleMysql Version5.0.3 Updatebeta
OracleMysql Version5.0.6
OracleMysql Version5.0.7
OracleMysql Version5.0.8
OracleMysql Version5.0.9
OracleMysql Version5.0.11
OracleMysql Version5.0.12
OracleMysql Version5.0.13
OracleMysql Version5.0.14
OracleMysql Version5.0.18
OracleMysql Version5.0.19
OracleMysql Version5.0.21
OracleMysql Version5.0.22
OracleMysql Version5.0.27
OracleMysql Version5.0.33
OracleMysql Version5.0.37
OracleMysql Version5.1.1
OracleMysql Version5.1.2
OracleMysql Version5.1.3
OracleMysql Version5.1.4
OracleMysql Version5.1.6
OracleMysql Version5.1.7
OracleMysql Version5.1.8
OracleMysql Version5.1.9
OracleMysql Version5.1.10
OracleMysql Version5.1.11
OracleMysql Version5.1.12
OracleMysql Version5.1.13
OracleMysql Version5.1.14
OracleMysql Version5.1.15
OracleMysql Version5.1.16
OracleMysql Version5.1.17
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 1.9% 0.769
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6 6.8 6.4
AV:N/AC:M/Au:S/C:P/I:P/A:P
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://secunia.com/advisories/30351
http://www.redhat.com/support/errata/RHSA-2008-0364.html
http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00003.html
http://secunia.com/advisories/28838
http://secunia.com/advisories/29443
http://www.ubuntu.com/usn/usn-588-1
http://secunia.com/advisories/27823
http://www.debian.org/security/2007/dsa-1413
http://dev.mysql.com/doc/refman/5.1/en/news-5-1-18.html
http://lists.mysql.com/announce/470
http://secunia.com/advisories/25301
Vendor Advisory
http://secunia.com/advisories/26073
http://secunia.com/advisories/26430
http://www.redhat.com/support/errata/RHSA-2007-0894.html
http://www.securityfocus.com/archive/1/473874/100/0/threaded
http://www.vupen.com/english/advisories/2007/1804
https://issues.rpath.com/browse/RPL-1536
http://bugs.mysql.com/bug.php?id=27337
http://osvdb.org/34765
http://secunia.com/advisories/28637
http://www.mandriva.com/security/advisories?name=MDVSA-2008:028
http://www.securityfocus.com/bid/24011
http://www.securitytracker.com/id?1018070
https://exchange.xforce.ibmcloud.com/vulnerabilities/34348
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9166