Vulnerability Description
MySQL before 5.0.25 and 5.1 before 5.1.12 evaluates arguments of suid routines in the security context of the routine's definer instead of the routine's caller, which allows remote authenticated users to gain privileges through a routine that has been made available using GRANT EXECUTE.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Mysql | Mysql | 5.0.1 |
| Oracle | Mysql | 5.0.0 |
Related Weaknesses (CWE)
References
- http://bugs.mysql.com/bug.php?id=18630Exploit
- http://dev.mysql.com/doc/refman/5.0/en/news-5-0-25.html
- http://lists.mysql.com/commits/7918
- http://secunia.com/advisories/21506Vendor Advisory
- http://secunia.com/advisories/21770Vendor Advisory
- http://secunia.com/advisories/22080Vendor Advisory
- http://secunia.com/advisories/30351Vendor Advisory
- http://securitytracker.com/id?1016709
- http://www.novell.com/linux/security/advisories/2006_23_sr.html
- http://www.redhat.com/support/errata/RHSA-2007-0083.htmlVendor Advisory
- http://www.redhat.com/support/errata/RHSA-2008-0364.htmlVendor Advisory
- http://www.securityfocus.com/bid/19559Exploit
- http://www.ubuntu.com/usn/usn-338-1
- http://www.vupen.com/english/advisories/2006/3306Vendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/28442
FAQ
What is CVE-2006-4227?
CVE-2006-4227 is a vulnerability with a CVSS score of 6.5 (MEDIUM). MySQL before 5.0.25 and 5.1 before 5.1.12 evaluates arguments of suid routines in the security context of the routine's definer instead of the routine's caller, which allows remote authenticated users...
How severe is CVE-2006-4227?
CVE-2006-4227 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2006-4227?
Check the references section above for vendor advisories and patch information. Affected products include: Mysql Mysql, Oracle Mysql.