CVE - CVE-2007-2691

CVE-ID
CVE-2007-2691	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
MySQL before 4.1.23, 5.0.x before 5.0.42, and 5.1.x before 5.1.18 does not require the DROP privilege for RENAME TABLE statements, which allows remote authenticated users to rename arbitrary tables.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
APPLE:APPLE-SA-2008-10-09 URL:http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html BID:24016 URL:http://www.securityfocus.com/bid/24016 BID:31681 URL:http://www.securityfocus.com/bid/31681 BUGTRAQ:20070717 rPSA-2007-0143-1 mysql mysql-bench mysql-server URL:http://www.securityfocus.com/archive/1/473874/100/0/threaded CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-18.html CONFIRM:http://support.apple.com/kb/HT3216 CONFIRM:https://issues.rpath.com/browse/RPL-1536 DEBIAN:DSA-1413 URL:http://www.debian.org/security/2007/dsa-1413 MANDRIVA:MDKSA-2007:139 URL:~~http://www.mandriva.com/security/advisories?name=MDKSA-2007:139~~ (Obsolete source) MISC:http://bugs.mysql.com/bug.php?id=27515 MLIST:[announce] 20070712 MySQL Community Server 5.0.45 has been released! URL:http://lists.mysql.com/announce/470 OSVDB:34766 URL:~~http://osvdb.org/34766~~ (Obsolete source) OVAL:oval:org.mitre.oval:def:9559 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9559 REDHAT:RHSA-2007:0894 URL:http://www.redhat.com/support/errata/RHSA-2007-0894.html REDHAT:RHSA-2008:0364 URL:http://www.redhat.com/support/errata/RHSA-2008-0364.html REDHAT:RHSA-2008:0768 URL:http://www.redhat.com/support/errata/RHSA-2008-0768.html SECTRACK:1018069 URL:http://www.securitytracker.com/id?1018069 SECUNIA:25301 URL:http://secunia.com/advisories/25301 SECUNIA:25946 URL:http://secunia.com/advisories/25946 SECUNIA:26073 URL:http://secunia.com/advisories/26073 SECUNIA:26430 URL:http://secunia.com/advisories/26430 SECUNIA:27155 URL:http://secunia.com/advisories/27155 SECUNIA:27823 URL:http://secunia.com/advisories/27823 SECUNIA:28838 URL:http://secunia.com/advisories/28838 SECUNIA:30351 URL:http://secunia.com/advisories/30351 SECUNIA:31226 URL:http://secunia.com/advisories/31226 SECUNIA:32222 URL:http://secunia.com/advisories/32222 SUSE:SUSE-SR:2008:003 URL:http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00003.html UBUNTU:USN-528-1 URL:https://usn.ubuntu.com/528-1/ VUPEN:ADV-2007-1804 URL:~~http://www.vupen.com/english/advisories/2007/1804~~ (Obsolete source) VUPEN:ADV-2008-2780 URL:~~http://www.vupen.com/english/advisories/2008/2780~~ (Obsolete source) XF:mysql-renametable-weak-security(34347) URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/34347
Assigning CNA
MITRE Corporation
Date Record Created
20070515	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20070515)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)