Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2007-5969

Overview

Vulnerability Score 7.1 7.1
CVE Id CVE-2007-5969
Last Modified 01 Sep 2011 12:00:00
Published 10 Dec 2007 02:46:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity HIGH
Authentication SINGLE_INSTANCE

CVE-2007-5969

Summary

MySQL Community Server 5.0.x before 5.0.51, Enterprise Server 5.0.x before 5.0.52, Server 5.1.x before 5.1.23, and Server 6.0.x before 6.0.4, when a table relies on symlinks created through explicit DATA DIRECTORY and INDEX DIRECTORY options, allows remote authenticated users to overwrite system table information and gain privileges via a RENAME TABLE statement that changes the symlink to point to an existing file.

Vulnerable Systems

Application

  • Mysql Community Server 5.0.41

  • Mysql Community Server 5.0.44

  • Mysql Community Server 5.0.45

  • Mysql Community Server 5.0.50

  • Mysql Enterprise Server 5.0.50

  • Mysql Server 5.1.22

  • Mysql Server 6.0

  • Mysql Server 6.0.1

  • Mysql Server 6.0.2

  • Mysql Server 6.0.3


References

BID - 31681

FEDORA - FEDORA-2007-4471

FEDORA - FEDORA-2007-4465

CONFIRM - https://issues.rpath.com/browse/RPL-1999

VUPEN - ADV-2008-2780

VUPEN - ADV-2008-1000

VUPEN - ADV-2008-0560

VUPEN - ADV-2007-4198

VUPEN - ADV-2007-4142

UBUNTU - USN-559-1

SECTRACK - 1019060

BID - 26765

BUGTRAQ - 20080117 rPSA-2008-0018-1 mysql mysql-bench mysql-server

REDHAT - RHSA-2007:1157

REDHAT - RHSA-2007:1155

MANDRIVA - MDKSA-2007:243

DEBIAN - DSA-1451

CONFIRM - http://support.apple.com/kb/HT3216

SLACKWARE - SSA:2007-348-01

GENTOO - GLSA-200804-04

SECUNIA - 32222

SECUNIA - 29706

SECUNIA - 28838

SECUNIA - 28559

SECUNIA - 28343

SECUNIA - 28128

SECUNIA - 28108

SECUNIA - 28099

SECUNIA - 28063

SECUNIA - 28040

SECUNIA - 28025

SECUNIA - 27981

SUSE - SUSE-SR:2008:003

MLIST - [Announcements] 20071206 MySQL 5.0.51 has been released

APPLE - APPLE-SA-2008-10-09

CONFIRM - http://forums.mysql.com/read.php?3,186931,186931

CONFIRM - http://dev.mysql.com/doc/refman/5.0/en/releasenotes-es-5-0-52.html

CONFIRM - http://dev.mysql.com/doc/refman/5.0/en/releasenotes-cs-5-0-51.html

CONFIRM - http://dev.mysql.com/doc/refman/4.1/en/news-4-1-24.html

Related Patches

Apple 2008-10-09 Security Update 2008-007 Server (Leopard)

Novell SUSE 2008:4879 mysql security update for SLE 10 SP1 i586


Last Updated: 27 May 2016 10:46:20