Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2007-5970

Overview

Vulnerability Score 5.8 5.8
CVE Id CVE-2007-5970
Last Modified 07 Mar 2011 10:01:35
Published 10 Dec 2007 02:46:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2007-5970

Summary

MySQL 5.1.x before 5.1.23 and 6.0.x before 6.0.4 allows remote authenticated users to gain privileges on arbitrary tables via unspecified vectors involving use of table-level DATA DIRECTORY and INDEX DIRECTORY options when creating a partitioned table with the same name as a table on which the user lacks privileges.

Vulnerable Systems

Application

  • Mysql 5.1.1

  • Mysql 5.1.10

  • Mysql 5.1.11

  • Mysql 5.1.12

  • Mysql 5.1.13

  • Mysql 5.1.14

  • Mysql 5.1.15

  • Mysql 5.1.16

  • Mysql 5.1.17

  • Mysql 5.1.2

  • Mysql 6.0.0

  • Mysql 6.0.1

  • Mysql 6.0.2

  • Mysql 6.0.3

  • Mysql 6.0.4


References

VUPEN - ADV-2008-0560

OSVDB - 42607

CONFIRM - http://dev.mysql.com/doc/refman/6.0/en/news-6-0-4.html

CONFIRM - http://dev.mysql.com/doc/refman/5.1/en/news-5-1-23.html

XF - mysql-datadirectory-privilege-escalation(38988)

SECTRACK - 1019084


Last Updated: 27 May 2016 10:46:20