CVE-2007-2691

MySQL before 4.1.23, 5.0.x before 5.0.42, and 5.1.x before 5.1.18 does not require the DROP privilege for RENAME TABLE statements, which allows remote authenticated users to rename arbitrary tables.
References
Link Resource
http://bugs.mysql.com/bug.php?id=27515 Vendor Advisory
http://dev.mysql.com/doc/refman/5.1/en/news-5-1-18.html Patch Vendor Advisory
http://www.securityfocus.com/bid/24016 Third Party Advisory VDB Entry
http://www.securitytracker.com/id?1018069 Third Party Advisory VDB Entry
http://secunia.com/advisories/25301 Third Party Advisory
http://lists.mysql.com/announce/470 Vendor Advisory
https://issues.rpath.com/browse/RPL-1536 Broken Link
http://www.debian.org/security/2007/dsa-1413 Third Party Advisory
http://www.mandriva.com/security/advisories?name=MDKSA-2007:139 Third Party Advisory
http://www.redhat.com/support/errata/RHSA-2007-0894.html Third Party Advisory
http://secunia.com/advisories/25946 Third Party Advisory
http://secunia.com/advisories/26073 Third Party Advisory
http://secunia.com/advisories/27155 Third Party Advisory
http://secunia.com/advisories/26430 Third Party Advisory
http://secunia.com/advisories/27823 Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00003.html Third Party Advisory
http://secunia.com/advisories/28838 Third Party Advisory
http://secunia.com/advisories/31226 Third Party Advisory
http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html Mailing List Third Party Advisory
http://www.securityfocus.com/bid/31681 Third Party Advisory VDB Entry
http://support.apple.com/kb/HT3216 Third Party Advisory
http://secunia.com/advisories/32222 Third Party Advisory
http://www.redhat.com/support/errata/RHSA-2008-0768.html Third Party Advisory
http://secunia.com/advisories/30351 Third Party Advisory
http://www.redhat.com/support/errata/RHSA-2008-0364.html Third Party Advisory
http://www.vupen.com/english/advisories/2007/1804 Third Party Advisory
http://www.vupen.com/english/advisories/2008/2780 Third Party Advisory
http://osvdb.org/34766 Broken Link
https://exchange.xforce.ibmcloud.com/vulnerabilities/34347 Third Party Advisory VDB Entry
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9559 Third Party Advisory
https://usn.ubuntu.com/528-1/ Third Party Advisory
http://www.securityfocus.com/archive/1/473874/100/0/threaded Third Party Advisory VDB Entry
Configurations

Configuration 1

cpe:2.3:a:mysql:mysql:*:*:*:*:*:*:*:*
cpe:2.3:a:mysql:mysql:*:*:*:*:*:*:*:*
cpe:2.3:a:mysql:mysql:*:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:3.1:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:7.04:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:6.10:*:*:*:*:*:*:*

Information

Published : 2007-05-16 01:19

Updated : 2018-10-19 07:00


NVD link : CVE-2007-2691

Mitre link : CVE-2007-2691

Products Affected
No products.