Vulnerability Name:

CVE-2007-2692 (CCN-34348)

Assigned:2007-05-16
Published:2007-05-16
Updated:2019-12-17
Summary:The mysql_change_db function in MySQL 5.0.x before 5.0.40 and 5.1.x before 5.1.18 does not restore THD::db_access privileges when returning from SQL SECURITY INVOKER stored routines, which allows remote authenticated users to gain privileges.
CVSS v3 Severity:5.5 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): Low
User Interaction (UI): Required
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): Low
Integrity (I): Low
Availibility (A): Low
CVSS v2 Severity:6.0 Medium (CVSS v2 Vector: AV:N/AC:M/Au:S/C:P/I:P/A:P)
4.4 Medium (Temporal CVSS v2 Vector: AV:N/AC:M/Au:S/C:P/I:P/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): Single_Instance
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
6.5 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P)
4.8 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): Single_Instance
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
Vulnerability Type:CWE-Other
Vulnerability Consequences:Gain Privileges
References:Source: MISC
Type: UNKNOWN
http://bugs.mysql.com/bug.php?id=27337

Source: MITRE
Type: CNA
CVE-2007-2692

Source: CCN
Type: MySQL 5.1 Reference Manual
C.1.2. Changes in release 5.1.18 (08 May 2007)

Source: CONFIRM
Type: UNKNOWN
http://dev.mysql.com/doc/refman/5.1/en/news-5-1-18.html

Source: MLIST
Type: UNKNOWN
[announce] 20070712 MySQL Community Server 5.0.45 has been released!

Source: SUSE
Type: UNKNOWN
SUSE-SR:2008:003

Source: OSVDB
Type: UNKNOWN
34765

Source: CCN
Type: RHSA-2007-0894
Important: mysql security update

Source: CCN
Type: RHSA-2008-0364
Low: mysql security and bug fix update

Source: CCN
Type: SA25301
MySQL Denial of Service Vulnerability and Multiple Security Issues

Source: SECUNIA
Type: Vendor Advisory
25301

Source: SECUNIA
Type: UNKNOWN
26073

Source: SECUNIA
Type: UNKNOWN
26430

Source: SECUNIA
Type: UNKNOWN
27823

Source: SECUNIA
Type: UNKNOWN
28637

Source: SECUNIA
Type: UNKNOWN
28838

Source: SECUNIA
Type: UNKNOWN
29443

Source: SECUNIA
Type: UNKNOWN
30351

Source: CCN
Type: SECTRACK ID: 1018070
MySQL SQL SECURITY INVOKER Routines Let Remote Authenticated Users Gain Elevated Privileges

Source: CCN
Type: ASA-2007-382
MySQL security update (RHSA-2007-0894)

Source: DEBIAN
Type: UNKNOWN
DSA-1413

Source: DEBIAN
Type: DSA-1413
mysql -- multiple vulnerabilities

Source: MANDRIVA
Type: UNKNOWN
MDVSA-2008:028

Source: CCN
Type: MySQL Web site
MySQL AB :: The world's most popular open source database

Source: CCN
Type: OSVDB ID: 34765
MySQL mysql_change_db Function THD::db_access Privilege Escalation

Source: REDHAT
Type: UNKNOWN
RHSA-2007:0894

Source: REDHAT
Type: UNKNOWN
RHSA-2008:0364

Source: BUGTRAQ
Type: UNKNOWN
20070717 rPSA-2007-0143-1 mysql mysql-bench mysql-server

Source: BID
Type: UNKNOWN
24011

Source: CCN
Type: BID-24011
MySQL Security Invoker Privilege Escalation Vulnerability

Source: SECTRACK
Type: UNKNOWN
1018070

Source: CCN
Type: USN-588-1
MySQL vulnerabilities

Source: UBUNTU
Type: UNKNOWN
USN-588-1

Source: CCN
Type: USN-588-2
MySQL regression

Source: VUPEN
Type: UNKNOWN
ADV-2007-1804

Source: XF
Type: UNKNOWN
mysql-changedb-privilege-escalation(34348)

Source: XF
Type: UNKNOWN
mysql-changedb-privilege-escalation(34348)

Source: CONFIRM
Type: UNKNOWN
https://issues.rpath.com/browse/RPL-1536

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:9166

Source: SUSE
Type: SUSE-SR:2008:003
SUSE Security Summary Report

Vulnerable Configuration:Configuration 1:
  • cpe:/a:oracle:mysql:5.0.0:-:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:5.0.1:-:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:5.0.2:-:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:5.0.3:-:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:5.0.4:-:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:5.0.5:-:*:*:*:*:*:*
  • OR cpe:/a:mysql:mysql:5.0.5.0.21:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:5.0.10:-:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:5.0.15:-:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:5.0.16:-:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:5.0.17:-:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:5.0.20:-:*:*:*:*:*:*
  • OR cpe:/a:mysql:mysql:5.0.22.1.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:5.0.24:-:*:*:*:*:*:*
  • OR cpe:/a:mysql:mysql:5.1.5:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:5.0.0:alpha:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:5.0.3:beta:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:5.0.6:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:5.0.7:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:5.0.8:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:5.0.9:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:5.0.11:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:5.0.12:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:5.0.13:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:5.0.14:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:5.0.18:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:5.0.19:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:5.0.21:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:5.0.22:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:5.0.27:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:5.0.33:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:5.0.37:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:5.1.1:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:5.1.2:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:5.1.3:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:5.1.4:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:5.1.6:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:5.1.7:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:5.1.8:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:5.1.9:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:5.1.10:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:5.1.11:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:5.1.12:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:5.1.13:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:5.1.14:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:5.1.15:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:5.1.16:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:5.1.17:*:*:*:*:*:*:*

    • Configuration RedHat 1:
  • cpe:/o:redhat:enterprise_linux:5:*:*:*:*:*:*:*

    • Configuration RedHat 2:
  • cpe:/o:redhat:enterprise_linux:5::client:*:*:*:*:*

    • Configuration RedHat 3:
  • cpe:/o:redhat:enterprise_linux:5::client_workstation:*:*:*:*:*

    • Configuration RedHat 4:
  • cpe:/o:redhat:enterprise_linux:5::server:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/a:oracle:mysql:5.0.0:-:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:5.0.18:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:5.0.0:-:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:5.0.0:-:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:5.0.0:alpha:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:5.0.1:-:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:5.0.10:-:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:5.0.10:a:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:5.0.11:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:5.0.12:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:5.0.13:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:5.0.14:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:5.0.15:-:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:5.0.15:a:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:5.0.16:-:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:5.0.16:a:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:5.0.17:-:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:5.0.17:a:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:5.0.19:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:5.0.1:a:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:5.0.2:-:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:5.0.20:-:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:5.0.20:a:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:5.0.21:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:5.0.22:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:5.0.24:-:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:5.0.27:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:5.0.3:-:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:5.0.3:beta:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:5.0.33:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:5.0.37:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:5.0.3:a:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:5.0.4:-:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:5.0.4:a:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:5.0.5:-:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:5.0.6:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:5.0.7:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:5.0.8:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:5.0.9:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:5.1.1:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:5.1.10:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:5.1.11:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:5.1.12:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:5.1.13:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:5.1.14:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:5.1.15:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:5.1.16:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:5.1.17:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:5.1.2:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:5.1.3:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:5.1.4:*:*:*:*:*:*:*
  • OR cpe:/a:mysql:mysql:5.1.5:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:5.1.6:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:5.1.7:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:5.1.8:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:5.1.9:*:*:*:*:*:*:*
  • OR cpe:/a:mysql:mysql:5.0.22.1.0.1:*:*:*:*:*:*:*
  • AND
  • cpe:/o:debian:debian_linux:3.1:*:*:*:*:*:*:*
  • OR cpe:/o:canonical:ubuntu:6.06::lts:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:2007:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:2007::x86_64:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:4.0:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:4.0::x86_64:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:5:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:5:*:client_workstation:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:2007.1:*:*:*:*:*:*:*
  • OR cpe:/o:debian:debian_linux:4.0:*:*:*:*:*:*:*
  • OR cpe:/o:canonical:ubuntu:7.04:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:5:*:client:*:*:*:*:*
  • OR cpe:/o:canonical:ubuntu:7.10:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:2007.1::x86-64:*:*:*:*:*

    • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.opensuse.security:def:20072692
    V
    		CVE-2007-2692
    2015-11-16
    oval:org.mitre.oval:def:17802
    P
    		USN-588-2 -- mysql-dfsg-5.0 regression
    2014-06-30
    oval:org.mitre.oval:def:17775
    P
    		USN-588-1 -- mysql-dfsg-5.0 vulnerabilities
    2014-06-30
    oval:org.mitre.oval:def:20366
    P
    		DSA-1413-1 mysql - multiple
    2014-06-23
    oval:org.mitre.oval:def:22310
    P
    		ELSA-2008:0364: mysql security and bug fix update (Low)
    2014-05-26
    oval:org.mitre.oval:def:9166
    V
    		The mysql_change_db function in MySQL 5.0.x before 5.0.40 and 5.1.x before 5.1.18 does not restore THD::db_access privileges when returning from SQL SECURITY INVOKER stored routines, which allows remote authenticated users to gain privileges.
    2013-04-29
    oval:com.redhat.rhsa:def:20080364
    P
    		RHSA-2008:0364: mysql security and bug fix update (Low)
    2008-05-21
    oval:org.debian:def:1413
    V
    		multiple vulnerabilities
    2007-11-26
    BACK
    mysql mysql 5.0.0
    mysql mysql 5.0.1
    mysql mysql 5.0.2
    mysql mysql 5.0.3
    mysql mysql 5.0.4
    mysql mysql 5.0.5
    mysql mysql 5.0.5.0.21
    mysql mysql 5.0.10
    mysql mysql 5.0.15
    mysql mysql 5.0.16
    mysql mysql 5.0.17
    mysql mysql 5.0.20
    mysql mysql 5.0.22.1.0.1
    mysql mysql 5.0.24
    mysql mysql 5.1.5
    oracle mysql 5.0.0 alpha
    oracle mysql 5.0.3 beta
    oracle mysql 5.0.6
    oracle mysql 5.0.7
    oracle mysql 5.0.8
    oracle mysql 5.0.9
    oracle mysql 5.0.11
    oracle mysql 5.0.12
    oracle mysql 5.0.13
    oracle mysql 5.0.14
    oracle mysql 5.0.18
    oracle mysql 5.0.19
    oracle mysql 5.0.21
    oracle mysql 5.0.22
    oracle mysql 5.0.27
    oracle mysql 5.0.33
    oracle mysql 5.0.37
    oracle mysql 5.1.1
    oracle mysql 5.1.2
    oracle mysql 5.1.3
    oracle mysql 5.1.4
    oracle mysql 5.1.6
    oracle mysql 5.1.7
    oracle mysql 5.1.8
    oracle mysql 5.1.9
    oracle mysql 5.1.10
    oracle mysql 5.1.11
    oracle mysql 5.1.12
    oracle mysql 5.1.13
    oracle mysql 5.1.14
    oracle mysql 5.1.15
    oracle mysql 5.1.16
    oracle mysql 5.1.17
    mysql mysql 5.0
    mysql mysql 5.0.18
    mysql mysql 5.0.0
    mysql mysql 5.0.0.0
    mysql mysql 5.0.0 alpha
    mysql mysql 5.0.1
    mysql mysql 5.0.10
    mysql mysql 5.0.10a
    mysql mysql 5.0.11
    mysql mysql 5.0.12
    mysql mysql 5.0.13
    mysql mysql 5.0.14
    mysql mysql 5.0.15
    mysql mysql 5.0.15a
    mysql mysql 5.0.16
    mysql mysql 5.0.16a
    mysql mysql 5.0.17
    mysql mysql 5.0.17a
    mysql mysql 5.0.19
    mysql mysql 5.0.1a
    mysql mysql 5.0.2
    mysql mysql 5.0.20
    mysql mysql 5.0.20a
    mysql mysql 5.0.21
    mysql mysql 5.0.22
    mysql mysql 5.0.24
    mysql mysql 5.0.27
    mysql mysql 5.0.3
    mysql mysql 5.0.3 beta
    mysql mysql 5.0.33
    mysql mysql 5.0.37
    mysql mysql 5.0.3a
    mysql mysql 5.0.4
    mysql mysql 5.0.4a
    mysql mysql 5.0.5
    mysql mysql 5.0.6
    mysql mysql 5.0.7
    mysql mysql 5.0.8
    mysql mysql 5.0.9
    mysql mysql 5.1.1
    mysql mysql 5.1.10
    mysql mysql 5.1.11
    mysql mysql 5.1.12
    mysql mysql 5.1.13
    mysql mysql 5.1.14
    mysql mysql 5.1.15
    mysql mysql 5.1.16
    mysql mysql 5.1.17
    mysql mysql 5.1.2
    mysql mysql 5.1.3
    mysql mysql 5.1.4
    mysql mysql 5.1.5
    mysql mysql 5.1.6
    mysql mysql 5.1.7
    mysql mysql 5.1.8
    mysql mysql 5.1.9
    mysql mysql 5.0.22.1.0.1
    debian debian linux 3.1
    canonical ubuntu 6.06
    mandrakesoft mandrake linux 2007
    mandrakesoft mandrake linux 2007
    mandrakesoft mandrake linux corporate server 4.0
    mandrakesoft mandrake linux corporate server 4.0
    redhat enterprise linux 5
    redhat enterprise linux 5
    mandrakesoft mandrake linux 2007.1
    debian debian linux 4.0
    canonical ubuntu 7.04
    redhat enterprise linux 5
    canonical ubuntu 7.10
    mandrakesoft mandrake linux 2007.1