[mysql] [CVE-2007-6303] remote privilege escalation

Bug #185039 reported by disabled.user
Affects: mysql-dfsg-5.0 (Ubuntu)
Status: Fix Released
Importance: Undecided
Assigned to: Jamie Strandboge

Bug Description

Binary package hint: mysql-server

Quoting from CVE-2007-6303:
"MySQL 5.0.x before 5.0.52, 5.1.x before 5.1.23, and 6.0.x before 6.0.4 does not update the DEFINER value of a view when the view is altered, which allows remote authenticated users to gain privileges via a sequence of statements including a CREATE SQL SECURITY DEFINER VIEW statement and an ALTER VIEW statement."

Jamie Strandboge (jdstrand) wrote :

hardy not affected. dapper-gutsy are.

Changed in mysql-dfsg-5.0:
assignee: nobody → jamie-strandboge
status: New → In Progress
Jamie Strandboge (jdstrand) wrote :

This fix is part of a larger update and is available in -proposed. Please test and report results in bug #201009.

Changed in mysql-dfsg-5.0:
status: In Progress → Fix Committed
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package mysql-dfsg-5.0 - 5.0.45-1ubuntu3.3

---------------
mysql-dfsg-5.0 (5.0.45-1ubuntu3.3) gutsy-security; urgency=low

  * no change build for -security upload

mysql-dfsg-5.0 (5.0.45-1ubuntu3.2) gutsy-proposed; urgency=low

  * SECURITY UPDATE: buffer overflow via ProcessOldClientHello() in
    handshake.cpp and input_buffer& operator>> in yassl_imp.cpp
  * SECURITY UPDATE: buffer overread in HASHwithTransform::Update in hash.cpp
  * debian/patches/95_SECURITY_CVE-2008-0226_0227.dpatch: properly verify
    length of input (LP: #186978)
  * SECURITY UPDATE: privilege escalation via crafted CREATE SQL SECURITY
    DEFINER VIEW and ALTER VIEW statements
  * debian/patches/96_SECURITY_CVE-2007-6303.dpatch: make sure lex->definer
    is non-NULL in sql_view.cc (LP: #185039)
  * debian/patches/97_view_fix-now.dpatch: update view.test and view.result to
    use a static year instead of now(). These tests are not part of the build
    but helps with qa-regression-testing
  * References
    CVE-2008-0226
    CVE-2008-0227
    CVE-2007-6303

 -- Jamie Strandboge <email address hidden> Wed, 19 Mar 2008 15:18:09 -0400

Changed in mysql-dfsg-5.0:
status: Fix Committed → Fix Released
This report contains Public Security information  
Everyone can see this security related information.
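
The thread above shows why a bare upstream version check misreports this bug: 5.0.45 is below the upstream fix 5.0.52, yet the gutsy package carries a backported patch. The following triage sketch is an added example, not code from the bug report or from MySQL or Ubuntu; the function names, result labels and sample inventory are assumptions, and the revision ordering is a simplified stand-in for dpkg's comparison.

```python
import re

# Upstream fixed releases per series, from the CVE-2007-6303 text quoted above.
UPSTREAM_FIXED = {(5, 0): (5, 0, 52), (5, 1): (5, 1, 23), (6, 0): (6, 0, 4)}

# Distro builds with a backported fix. Only the gutsy package from this report
# is listed: 1ubuntu3.2 is the first build whose changelog carries
# 96_SECURITY_CVE-2007-6303.dpatch (3.3 is the no-change -security rebuild).
BACKPORT_FIXED = {"5.0.45": "1ubuntu3.2"}


def _rev_key(revision):
    """Order a Debian revision by digit/non-digit chunks.

    Simplified stand-in for dpkg's comparison (no '~' or epoch handling).
    """
    return [(0, int(c), "") if c.isdigit() else (1, 0, c)
            for c in re.findall(r"\d+|\D+", revision)]


def classify(version):
    """Classify a package or upstream version string against CVE-2007-6303."""
    upstream, _, revision = version.partition("-")
    m = re.match(r"(\d+)\.(\d+)\.(\d+)", upstream)
    if not m:
        return "unparsed"
    release = tuple(int(x) for x in m.groups())
    fixed = UPSTREAM_FIXED.get(release[:2])
    if fixed is None:
        return "series-not-listed"   # the CVE text names 5.0, 5.1 and 6.0 only
    if release >= fixed:
        return "fixed-upstream"
    fixed_rev = BACKPORT_FIXED.get(m.group(0))
    if revision and fixed_rev and _rev_key(revision) >= _rev_key(fixed_rev):
        return "fixed-by-backport"   # the upstream number alone would flag this
    return "affected"


if __name__ == "__main__":
    # Constructed inventory: host label -> installed version string.
    inventory = {"db1": "5.0.45-1ubuntu3.1", "db2": "5.0.45-1ubuntu3.3",
                 "db3": "5.0.51a", "db4": "5.1.23"}
    for host, ver in inventory.items():
        print(f"{host}: {ver} -> {classify(ver)}")
```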
