CVE-2007-6303

Priority
Low
Description
MySQL 5.0.x before 5.0.51a, 5.1.x before 5.1.23, and 6.0.x before 6.0.4
does not update the DEFINER value of a view when the view is altered, which
allows remote authenticated users to gain privileges via a sequence of
statements including a CREATE SQL SECURITY DEFINER VIEW statement and an
ALTER VIEW statement.
References
Bugs
Notes
jdstrand> patch from debian works on gutsy and feisty. On edgy and dapper
the test case fails (meaning the patch is incomplete).
Assigned-to
jdstrand
Package
Upstream: released (5.0.45-5)
Ubuntu 8.04 LTS (Hardy Heron): not-affected (5.0.51a-1ubuntu1)

Updated: 2012-06-01 15:18:24 UTC (commit 5347)