DescriptionMySQL before 5.0.25 and 5.1 before 5.1.12 evaluates arguments of suid routines in the security context of the routine's definer instead of the routine's caller, which allows remote authenticated users to gain privileges through a routine that has been made available using GRANT EXECUTE.
NVD CVSS v2 Base Score: 6.5 (AV:N/AC:L/Au:S/C:P/I:P/A:P)
Novell/SUSE informationNovell Bugzilla entry: 201711 SUSE Security Advisories:
- SUSE-SR:2006:023, published Wed, 27 Sep 2006 14:00:00 +0000
List of released packages
|Product(s)||Fixed package version(s)||References|
|SUSE LINUX 10.1|| |