MySQL AB security Invoker Stored procedure privilege elevation vulnerability.
Affected Systems:
MySQL AB mysql 5.1.x < 5.1.18.
MySQL AB mysql 5.0.x < 5.0.40.
Unaffected system:
MySQL AB MySQL 5.1.18.
MySQL AB MySQL 5.0.40.
Describe:
MySQL is a very extensive open source relational database system with a running version of various platforms.
MySQL has a vulnerability when it handles the return status of SQL security Invoker stored procedures that can be exploited by a local attacker to elevate permissions in the database system.
The mysql_change_db function in MySQL is not restored when returning from the SQL security Invoker stored procedure THD::d b_access permissions, which may allow a remote authenticated user to gain elevation of privilege. This vulnerability occurs only if a routine is defined with SQL Security Invoker, and the security environment can be correctly switched between Definer and invoker if defined with SQL security definer.
Vendor Patch:
MySQL AB
At present, the manufacturer has released the upgrade patch to fix this security issue, please go to the manufacturer's homepage to download:
Http://dev.mysql.com/get/Downloads/MySQL-5.0/mysql-5.0.41.tar.gz/from/pick
Http://dev.mysql.com/get/Downloads/MySQL-5.1/mysql-5.1.18-beta.tar.gz/from/pick