[Forgot Password]
Login  Register Subscribe

30389

 
 

423868

 
 

244411

 
 

909

 
 

193363

 
 

277

Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2007-5969Date: (C)2007-12-10   (M)2023-12-22


MySQL Community Server 5.0.x before 5.0.51, Enterprise Server 5.0.x before 5.0.52, Server 5.1.x before 5.1.23, and Server 6.0.x before 6.0.4, when a table relies on symlinks created through explicit DATA DIRECTORY and INDEX DIRECTORY options, allows remote authenticated users to overwrite system table information and gain privileges via a RENAME TABLE statement that changes the symlink to point to an existing file.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 7.1
Exploit Score: 3.9
Impact Score: 10.0
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: HIGH
Authentication: SINGLE
Confidentiality: COMPLETE
Integrity: COMPLETE
Availability: COMPLETE
  
Reference:
SECTRACK-1019060
http://www.securityfocus.com/archive/1/486477/100/0/threaded
BID-26765
SECUNIA-27981
SECUNIA-28025
SECUNIA-28040
SECUNIA-28063
SECUNIA-28099
SECUNIA-28108
SECUNIA-28128
SECUNIA-28343
SECUNIA-28559
SECUNIA-28838
SECUNIA-29706
BID-31681
SECUNIA-32222
ADV-2007-4142
ADV-2007-4198
ADV-2008-0560
ADV-2008-1000
ADV-2008-2780
APPLE-SA-2008-10-09
DSA-1451
FEDORA-2007-4465
FEDORA-2007-4471
GLSA-200804-04
MDKSA-2007:243
RHSA-2007:1155
RHSA-2007:1157
SSA:2007-348-01
SUSE-SR:2008:003
USN-559-1
http://lists.mysql.com/announce/495
http://bugs.mysql.com/32111
http://dev.mysql.com/doc/refman/4.1/en/news-4-1-24.html
http://dev.mysql.com/doc/refman/5.0/en/releasenotes-cs-5-0-51.html
http://dev.mysql.com/doc/refman/5.0/en/releasenotes-es-5-0-52.html
http://forums.mysql.com/read.php?3%2C186931%2C186931
http://support.apple.com/kb/HT3216
https://issues.rpath.com/browse/RPL-1999
oval:org.mitre.oval:def:10509

CPE    3
cpe:/a:mysql:community_server:5.0.45
cpe:/a:mysql:community_server:5.0.44
cpe:/a:mysql:community_server:5.0.41
CWE    1
CWE-264
OVAL    1
oval:org.mitre.oval:def:7811

© SecPod Technologies