|
|
>> MySQL Multiple Query Handling Privilege Escalation and Security Bypass Vulnerabilities
|
Multiple vulnerabilities have been identified in MySQL, which could be exploited by malicious users to bypass security checks or obtain sensitive information.
The first issue is caused by an error when invoking a stored routine declared using SQL SECURITY INVOKER, which could be exploited by authenticated attackers to bypass security restrictions and gain elevated privileges.
The second vulnerability is caused by an error in the "mysql_execute_command()" function that does not properly validate users privilege when executing a RENAME TABLE command, which could be exploited by malicious users, without DROP privileges, to rename arbitrary tables.
The third issue is caused by an error when displaying error messages, which could be exploited by a malicious user with "ALTER" privileges on a partitioned table to obtain certain information that should normally require "SELECT" privileges.
Affected Products
MySQL versions prior to 5.1.18
Solution
Upgrade to MySQL version 5.1.18 :
http://dev.mysql.com/downloads/
References
http://www.vupen.com/english/advisories/2007/1804
http://dev.mysql.com/doc/refman/5.1/en/news-5-1-18.html
http://bugs.mysql.com/27337
http://bugs.mysql.com/27515
http://bugs.mysql.com/23675
Credits
Vulnerabilities reported by Alexander Nozdrin, Victoria Reznichenko and Peter Gulutzan.
ChangeLog
2007-05-14 : Initial release
Vulnerability Management
Subscribe to VUPEN VNS and receive real-time alerts when new advisories or patches relevant to your systems and network configurations are available.
Feedback
If you have additional information or corrections for this security advisory please submit them via our contact form. | |
|
