Rapid7 Vulnerability & Exploit Database

MySQL 'GRANT EXECUTE' Stored Procedure Permission Inheritance

Back to Search

MySQL 'GRANT EXECUTE' Stored Procedure Permission Inheritance

Severity
7
CVSS
(AV:N/AC:L/Au:S/C:P/I:P/A:P)
Published
08/17/2006
Created
07/25/2018
Added
08/01/2007
Modified
02/13/2015

Description

MySQL before 5.0.25 and 5.1 before 5.1.12 evaluates arguments of suid routines in the security context of the routine's definer instead of the routine's caller, which allows remote authenticated users to gain privileges through a routine that has been made available using GRANT EXECUTE.

Solution(s)

  • mysql-upgrade-5_0_25
  • mysql-upgrade-5_1_12

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;