CVE-2007-2692

The mysql_change_db function in MySQL 5.0.x before 5.0.40 and 5.1.x before 5.1.18 does not restore THD::db_access privileges when returning from SQL SECURITY INVOKER stored routines, which allows remote authenticated users to gain privileges.

🔗 References (50)

• cve@mitrehttp://bugs.mysql.com/bug.php?id=27337
• cve@mitrehttp://dev.mysql.com/doc/refman/5.1/en/news-5-1-18.html
• cve@mitrehttp://lists.mysql.com/announce/470
• cve@mitrehttp://lists.opensuse.org/opensuse-security-announce/2008-02/msg00003.html
• cve@mitrehttp://osvdb.org/34765
• cve@mitrehttp://secunia.com/advisories/25301
• cve@mitrehttp://secunia.com/advisories/26073
• cve@mitrehttp://secunia.com/advisories/26430
• cve@mitrehttp://secunia.com/advisories/27823
• cve@mitrehttp://secunia.com/advisories/28637
• cve@mitrehttp://secunia.com/advisories/28838
• cve@mitrehttp://secunia.com/advisories/29443
• cve@mitrehttp://secunia.com/advisories/30351
• cve@mitrehttp://www.debian.org/security/2007/dsa-1413
• cve@mitrehttp://www.mandriva.com/security/advisories?name=MDVSA-2008:028