CVE-2007-6303

low
Description

MySQL 5.0.x before 5.0.51a, 5.1.x before 5.1.23, and 6.0.x before 6.0.4 does not update the DEFINER value of a view when the view is altered, which allows remote authenticated users to gain privileges via a sequence of statements including a CREATE SQL SECURITY DEFINER VIEW statement and an ALTER VIEW statement.

References

http://bugs.mysql.com/bug.php?id=29908

http://dev.mysql.com/doc/refman/5.0/en/releasenotes-es-5-0-52.html

http://dev.mysql.com/doc/refman/5.1/en/news-5-1-23.html

http://dev.mysql.com/doc/refman/6.0/en/news-6-0-4.html

http://lists.mysql.com/announce/502

http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00003.html

http://secunia.com/advisories/28025

http://secunia.com/advisories/28063

http://secunia.com/advisories/28739

http://secunia.com/advisories/28838

http://secunia.com/advisories/29443

http://secunia.com/advisories/29706

http://security.gentoo.org/glsa/glsa-200804-04.xml

http://securitytracker.com/id?1019085

http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0040

http://www.mandriva.com/security/advisories?name=MDVSA-2008:017

http://www.redhat.com/support/errata/RHSA-2007-1157.html

http://www.securityfocus.com/archive/1/487606/100/0/threaded

http://www.securityfocus.com/bid/26832

http://www.ubuntu.com/usn/usn-588-1

http://www.vupen.com/english/advisories/2007/4198

https://exchange.xforce.ibmcloud.com/vulnerabilities/38989

https://issues.rpath.com/browse/RPL-2187

https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00467.html

https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00475.html

Details

Source: MITRE

Published: 2007-12-10

Updated: 2019-12-17

Risk Information

CVSS v2

Base Score: 3.5

Vector: AV:N/AC:M/Au:S/C:N/I:P/A:N

Impact Score: 2.9

Exploitability Score: 6.8

Severity: LOW

Tenable Plugins


| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 78218 | F5 Networks BIG-IP : MySQL vulnerabilities (SOL8178) | Nessus | F5 Networks Local Security Checks | high |
| 17813 | MySQL < 5.0.51a / 5.1.23 / 6.0.4 Multiple Vulnerabilities | Nessus | Databases | medium |
| 41184 | SuSE9 Security Update : MySQL (YOU Patch Number 12044) | Nessus | SuSE Local Security Checks | high |
| 36404 | Mandriva Linux Security Advisory : mysql (MDVSA-2008:017) | Nessus | Mandriva Local Security Checks | medium |
| 36399 | Mandriva Linux Security Advisory : mysql (MDVSA-2008:028) | Nessus | Mandriva Local Security Checks | medium |
| 31835 | GLSA-200804-04 : MySQL: Multiple vulnerabilities | Nessus | Gentoo Local Security Checks | high |
| 31783 | Ubuntu 6.06 LTS : mysql-dfsg-5.0 regression (USN-588-2) | Nessus | Ubuntu Local Security Checks | high |
| 31638 | Ubuntu 6.06 LTS / 6.10 / 7.04 / 7.10 : mysql-dfsg-5.0 vulnerabilities (USN-588-1) | Nessus | Ubuntu Local Security Checks | high |
| 30182 | SuSE 10 Security Update : MySQL (ZYPP Patch Number 4879) | Nessus | SuSE Local Security Checks | high |
| 30180 | openSUSE 10 Security Update : libmysqlclient-devel (libmysqlclient-devel-4873) | Nessus | SuSE Local Security Checks | high |
| 29752 | CentOS 4 : mysql (CESA-2007:1222-001) | Nessus | CentOS Local Security Checks | high |
| 29714 | Fedora 7 : mysql-5.0.45-6.fc7 (2007-4471) | Nessus | Fedora Local Security Checks | high |
| 29712 | Fedora 8 : mysql-5.0.45-6.fc8 (2007-4465) | Nessus | Fedora Local Security Checks | high |
| 4313 | MySQL Community Server < 5.1.23 / 6.0.4 Multiple Vulnerabilities | Nessus Network Monitor | Database | medium |
| 4312 | Oracle MySQL Enterprise Server < 5.0.52 Multiple Vulnerabilities | Nessus Network Monitor | Database | medium |
| 29346 | MySQL Enterprise Server 5.0 < 5.0.52 Multiple Vulnerabilities | Nessus | Databases | medium |
| 29345 | MySQL Community Server < 5.1.23 / 6.0.4 Multiple Vulnerabilities | Nessus | Databases | medium |
| 801147 | MySQL Community Server < 5.1.23 / 6.0.4 Multiple Vulnerabilities | Log Correlation Engine | Database | medium |
| 801138 | MySQL Enterprise Server < 5.0.52 Multiple Vulnerabilities | Log Correlation Engine | Database | medium |