CVE-2007-6303

Related Files

Gentoo Linux Security Advisory 200804-4

Posted Apr 8, 2008

Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200804-04 - Multiple vulnerabilities in MySQL might lead to privilege escalation and Denial of Service. Versions less than 5.0.54 are affected.

tags | advisory, denial of service, vulnerability

systems | linux, gentoo

advisories | CVE-2007-5969, CVE-2007-6303, CVE-2007-6304

SHA-256 | ed35843cc7b849fcc2148b35f0f87b4d7399be620db920feee64392c53c86ffe

Download | Favorite | View

Ubuntu Security Notice 588-2

Posted Apr 3, 2008

Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 588-2 - USN-588-1 fixed vulnerabilities in MySQL. In fixing CVE-2007-2692 for Ubuntu 6.06, additional improvements were made to make privilege checks more restrictive. As a result, an upstream bug was exposed which could cause operations on tables or views in a different database to fail. This update fixes the problem.

tags | advisory, vulnerability

systems | linux, ubuntu

advisories | CVE-2007-2692, CVE-2006-7232, CVE-2007-6303, CVE-2008-0226, CVE-2008-0227

SHA-256 | 7b3e0c3b9aac237bc56c8aa95c0492465ee731361e13d7ca3e16a16caaa29be0

Download | Favorite | View

Ubuntu Security Notice 588-1

Posted Mar 20, 2008

Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 588-1 - Masaaki Hirose discovered that MySQL could be made to dereference a NULL pointer. An authenticated user could cause a denial of service (application crash) via an EXPLAIN SELECT FROM on the INFORMATION_SCHEMA table. This issue only affects Ubuntu 6.06 and 6.10. Alexander Nozdrin discovered that MySQL did not restore database access privileges when returning from SQL SECURITY INVOKER stored routines. An authenticated user could exploit this to gain privileges. This issue does not affect Ubuntu 7.10. Martin Friebe discovered that MySQL did not properly update the DEFINER value of an altered view. An authenticated user could use CREATE SQL SECURITY DEFINER VIEW and ALTER VIEW statements to gain privileges. Luigi Auriemma discovered that yaSSL as included in MySQL did not properly validate its input. A remote attacker could send crafted requests and cause a denial of service or possibly execute arbitrary code. This issue did not affect Ubuntu 6.06 in the default installation.

tags | advisory, remote, denial of service, arbitrary

systems | linux, ubuntu

advisories | CVE-2006-7232, CVE-2007-2692, CVE-2007-6303, CVE-2008-0226, CVE-2008-0227

SHA-256 | 5a8255800f0f13ab0170873f78aa7381ffe3fa764291a6fe05ed17d87fae4f3f

Download | Favorite | View

Mandriva Linux Security Advisory 2008-017

Posted Jan 22, 2008

Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - MySQL 5.0.x did not update the DEFINER value of a view when the view is altered, which allows remote authenticated users to gain privileges via a sequence of statements including a CREATE SQL SECURITY DEFINER VIEW statement and an ALTER VIEW statement. The federated engine in MySQL 5.0.x, when performing a certain SHOW TABLE STATUS query, did not properly handle a response with a small number of columns, which could allow a remote MySQL server to cause a denial of service (federated handler crash and daemon crash) via a response that lacks the minimum required number of columns.

tags | advisory, remote, denial of service

systems | linux, mandriva

advisories | CVE-2007-6303, CVE-2007-6304

SHA-256 | a1e86bf461724a17194bea211aa6e1ca1410860a789cb70ca2874be4c9878a49

Download | Favorite | View