CVE-2007-2692

Impact: Low
Public Date: 2007-05-17
Bugzilla: 241689: CVE-2007-2692 mysql SECURITY INVOKER functions do not drop privileges

The MITRE CVE dictionary describes this issue as:

The mysql_change_db function in MySQL 5.0.x before 5.0.40 and 5.1.x before 5.1.18 does not restore THD::db_access privileges when returning from SQL SECURITY INVOKER stored routines, which allows remote authenticated users to gain privileges.

Find out more about CVE-2007-2692 from the MITRE CVE dictionary and NIST NVD.

Statement

This issue did not affect mysql packages as shipped in Red Hat Enterprise Linux 2.1, 3 and 4.

Affected mysql packages as shipped in Red Hat Enterprise Linux 5 and Red Hat Application Stack were fixed via:

https://rhn.redhat.com/errata/CVE-2007-2692.html

Red Hat Security Errata

Platform                                                             Errata          Release Date
Red Hat Application Stack v1 for Enterprise Linux AS (v.4) (mysql)   RHSA-2007:0894  2007-09-10
Red Hat Enterprise Linux 5 (mysql)                                   RHSA-2008:0364  2008-05-20

Last Modified

CVE description copyright © 2017, The MITRE Corporation
