PublicDate: 2006-08-18 20:04:00 UTC
Candidate: CVE-2006-4227
References:
 https://ubuntu.com/security/notices/USN-338-1
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4227
Description:
 MySQL before 5.0.25 and 5.1 before 5.1.12 evaluates arguments of suid
 routines in the security context of the routine's definer instead of the
 routine's caller, which allows remote authenticated users to gain
 privileges through a routine that has been made available using GRANT
 EXECUTE.
Ubuntu-Description:
Notes:
Priority: untriaged
Discovered-by:
Assigned-to:
CVSS:

Bugs:
dapper_mysql-dfsg-5.0: released (5.0.22-0ubuntu6.06.3)
edgy_mysql-dfsg-5.0: released (5.0.24a-9ubuntu0.1)
feisty_mysql-dfsg-5.0: released (5.0.38-0ubuntu1)
devel_mysql-dfsg-5.0: released (5.0.38-0ubuntu1)
upstream_mysql-dfsg-5.0: needs-triage