[Forgot Password]
Login  Register Subscribe

30479

 
 

423868

 
 

250038

 
 

909

 
 

195843

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2007-2691Date: (C)2007-05-15   (M)2023-12-22


MySQL before 4.1.23, 5.0.x before 5.0.42, and 5.1.x before 5.1.18 does not require the DROP privilege for RENAME TABLE statements, which allows remote authenticated users to rename arbitrary tables.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 4.9
Exploit Score: 6.8
Impact Score: 4.9
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: SINGLE
Confidentiality: NONE
Integrity: PARTIAL
Availability: PARTIAL
  
Reference:
SECTRACK-1018069
http://www.securityfocus.com/archive/1/473874/100/0/threaded
BID-24016
SECUNIA-25301
SECUNIA-25946
SECUNIA-26073
SECUNIA-26430
SECUNIA-27155
SECUNIA-27823
SECUNIA-28838
SECUNIA-30351
SECUNIA-31226
BID-31681
SECUNIA-32222
OSVDB-34766
ADV-2007-1804
ADV-2008-2780
APPLE-SA-2008-10-09
DSA-1413
MDKSA-2007:139
RHSA-2007:0894
RHSA-2008:0364
RHSA-2008:0768
SUSE-SR:2008:003
USN-528-1
http://lists.mysql.com/announce/470
http://bugs.mysql.com/bug.php?id=27515
http://dev.mysql.com/doc/refman/5.1/en/news-5-1-18.html
http://support.apple.com/kb/HT3216
https://issues.rpath.com/browse/RPL-1536
mysql-renametable-weak-security(34347)
oval:org.mitre.oval:def:9559

CPE    6
cpe:/o:canonical:ubuntu_linux:6.06::~~lts~~~
cpe:/o:canonical:ubuntu_linux:7.04
cpe:/a:mysql:mysql
cpe:/o:debian:debian_linux:3.1
...

© SecPod Technologies