PublicDate: 2007-05-16 01:19:00 UTC
Candidate: CVE-2007-2692
References: 
 http://bugs.mysql.com/bug.php?id=28499
 http://bugs.mysql.com/bug.php?id=27337
 https://ubuntu.com/security/notices/USN-588-1
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2692
Description:
 The mysql_change_db function in MySQL 5.0.x before 5.0.40 and 5.1.x before
 5.1.18 does not restore THD::db_access privileges when returning from SQL
 SECURITY INVOKER stored routines, which allows remote authenticated users
 to gain privileges.
Ubuntu-Description: 
Notes: 
 jdstrand> very large complicated patch that requires many changes to the
   source and does not apply cleanly at all to feisty's 5.0.38, let alone
   to edgy and dapper. Trying to backport this fix would more than likely cause
   larger problems than not fixing it.  Currently discussing a one-time
   MicroVersionUpdate option.  May have to "wont-fix" and give an updated
   pacakge in -backports.
 jdstrand> per pitti et al, too many changes for a MicroVersionUpdate
 jdstrand> patch now in etch (5.0.32-7etch3), but causes several test cases to
   fail on dapper through feisty (TODO: test etch)
 jdstrand> etch patch left out both the test cases and patch to sql/sql_db.cc.
   If add the test cases then etch fails
Bugs: 
 https://bugs.launchpad.net/ubuntu/gutsy/+source/mysql-dfsg-5.0/+bug/201009
Priority: medium
Discovered-by:
Assigned-to: jdstrand
CVSS: 

Patches_mysql-dfsg-5.0:
 vendor: debian etch (5.0.32-7etch3)
upstream_mysql-dfsg-5.0: released (5.0.40)
dapper_mysql-dfsg-5.0: released (5.0.22-0ubuntu6.06.8)
edgy_mysql-dfsg-5.0: released (5.0.24a-9ubuntu2.4)
feisty_mysql-dfsg-5.0: released (5.0.38-0ubuntu1.4)
gutsy_mysql-dfsg-5.0: released (5.0.45-1ubuntu2)
devel_mysql-dfsg-5.0: released (5.0.45-1ubuntu2)