Oval Definition:	oval:org.mitre.oval:def:9166
Revision Date: 2013-04-29 Version: 12 Title: The mysql_change_db function in MySQL 5.0.x before 5.0.40 and 5.1.x before 5.1.18 does not restore THD::db_access privileges when returning from SQL SECURITY INVOKER stored routines, which allows remote authenticated users to gain privileges. Description: The mysql_change_db function in MySQL 5.0.x before 5.0.40 and 5.1.x before 5.1.18 does not restore THD::db_access privileges when returning from SQL SECURITY INVOKER stored routines, which allows remote authenticated users to gain privileges. Family: unix Class: vulnerability Status: ACCEPTED Reference(s): CVE-2007-2692 Platform(s): CentOS Linux 5 Oracle Linux 5 Red Hat Enterprise Linux 5 Product(s): Definition Synopsis RHEL5, CentOS5 or Oracle Linux 5 The operating system installed on the system is Red Hat Enterprise Linux 5 OR The operating system installed on the system is CentOS Linux 5.x OR Oracle Linux 5.x AND Configuration section mysql is earlier than 0:5.0.45-7.el5 OR mysql-devel is earlier than 0:5.0.45-7.el5 OR mysql-test is earlier than 0:5.0.45-7.el5 OR mysql-bench is earlier than 0:5.0.45-7.el5 OR mysql-server is earlier than 0:5.0.45-7.el5
BACK