CVE-2006-4227: Input Validation
First published: Fri Aug 18 2006(Updated: )
MySQL before 5.0.25 and 5.1 before 5.1.12 evaluates arguments of suid routines in the security context of the routine's definer instead of the routine's caller, which allows remote authenticated users to gain privileges through a routine that has been made available using GRANT EXECUTE.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| MySQL (MySQL-common) | =5.0.3 | |
| MySQL (MySQL-common) | =5.0.24 | |
| MySQL (MySQL-common) | =5.0.2 | |
| MySQL (MySQL-common) | =5.0.22.1.0.1 | |
| MySQL (MySQL-common) | =5.0.20 | |
| MySQL (MySQL-common) | =5.0.1 | |
| MySQL (MySQL-common) | =5.0.4 | |
| MySQL (MySQL-common) | =5.1.5 | |
| Oracle MySQL | =5.0.0-alpha | |
| Oracle MySQL | =5.1.6 | |
| Oracle MySQL | =5.1.9 | |
| Oracle MySQL | =5.1.10 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://lists.mysql.com/commits/7918
- http://bugs.mysql.com/bug.php?id=18630
- http://www.securityfocus.com/bid/19559
- http://secunia.com/advisories/21506
- http://dev.mysql.com/doc/refman/5.0/en/news-5-0-25.html
- http://securitytracker.com/id?1016709
- http://www.ubuntu.com/usn/usn-338-1
- http://secunia.com/advisories/21770
- http://www.novell.com/linux/security/advisories/2006_23_sr.html
- http://secunia.com/advisories/22080
- http://www.redhat.com/support/errata/RHSA-2007-0083.html
- http://www.redhat.com/support/errata/RHSA-2008-0364.html
- http://secunia.com/advisories/30351
- http://www.vupen.com/english/advisories/2006/3306
- https://exchange.xforce.ibmcloud.com/vulnerabilities/28442
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10105
Frequently Asked Questions
What is the severity of CVE-2006-4227?
CVE-2006-4227 has a moderate severity rating since it allows authenticated users to gain elevated privileges.
How do I fix CVE-2006-4227?
To fix CVE-2006-4227, upgrade MySQL to version 5.0.25 or later, or 5.1.12 or later.
What versions of MySQL are affected by CVE-2006-4227?
CVE-2006-4227 affects MySQL versions prior to 5.0.25 and 5.1 prior to 5.1.12.
What type of vulnerability is CVE-2006-4227?
CVE-2006-4227 is a privilege escalation vulnerability due to inappropriate evaluation of routine arguments.
Can remote users exploit CVE-2006-4227?
Yes, remote authenticated users can exploit CVE-2006-4227 by leveraging vulnerable routines to gain unauthorized privileges.
- agent/type
- agent/references
- agent/weakness
- agent/severity
- agent/author
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/event
- agent/first-publish-date
- agent/source
- agent/tags
- collector/nvd-historical
- agent/software-canonical-lookup-request
- collector/nvd-index
- agent/softwarecombine
- vendor/mysql
- canonical/mysql (mysql-common)
- version/mysql (mysql-common)/5.0.3
- version/mysql (mysql-common)/5.0.24
- version/mysql (mysql-common)/5.0.2
- version/mysql (mysql-common)/5.0.22.1.0.1
- version/mysql (mysql-common)/5.0.20
- version/mysql (mysql-common)/5.0.1
- version/mysql (mysql-common)/5.0.4
- version/mysql (mysql-common)/5.1.5
- vendor/oracle
- canonical/oracle mysql
- version/oracle mysql/5.0.0-alpha
- version/oracle mysql/5.1.6
- version/oracle mysql/5.1.9
- version/oracle mysql/5.1.10