CVE - CVE-2007-5969

CVE-ID
CVE-2007-5969	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
MySQL Community Server 5.0.x before 5.0.51, Enterprise Server 5.0.x before 5.0.52, Server 5.1.x before 5.1.23, and Server 6.0.x before 6.0.4, when a table relies on symlinks created through explicit DATA DIRECTORY and INDEX DIRECTORY options, allows remote authenticated users to overwrite system table information and gain privileges via a RENAME TABLE statement that changes the symlink to point to an existing file.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
BUGTRAQ:20080117 rPSA-2008-0018-1 mysql mysql-bench mysql-server URL:http://www.securityfocus.com/archive/1/486477/100/0/threaded MLIST:[Announcements] 20071206 MySQL 5.0.51 has been released URL:http://lists.mysql.com/announce/495 CONFIRM:http://bugs.mysql.com/32111 CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/releasenotes-cs-5-0-51.html CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/releasenotes-es-5-0-52.html CONFIRM:http://forums.mysql.com/read.php?3,186931,186931 CONFIRM:https://issues.rpath.com/browse/RPL-1999 CONFIRM:http://dev.mysql.com/doc/refman/4.1/en/news-4-1-24.html CONFIRM:http://support.apple.com/kb/HT3216 APPLE:APPLE-SA-2008-10-09 URL:http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html DEBIAN:DSA-1451 URL:http://www.debian.org/security/2008/dsa-1451 FEDORA:FEDORA-2007-4465 URL:https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00467.html FEDORA:FEDORA-2007-4471 URL:https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00475.html GENTOO:GLSA-200804-04 URL:http://security.gentoo.org/glsa/glsa-200804-04.xml MANDRIVA:MDKSA-2007:243 URL:http://www.mandriva.com/security/advisories?name=MDKSA-2007:243 REDHAT:RHSA-2007:1155 URL:http://www.redhat.com/support/errata/RHSA-2007-1155.html REDHAT:RHSA-2007:1157 URL:http://www.redhat.com/support/errata/RHSA-2007-1157.html SLACKWARE:SSA:2007-348-01 URL:http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.428959 SUSE:SUSE-SR:2008:003 URL:http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00003.html UBUNTU:USN-559-1 URL:https://usn.ubuntu.com/559-1/ BID:26765 URL:http://www.securityfocus.com/bid/26765 BID:31681 URL:http://www.securityfocus.com/bid/31681 OVAL:oval:org.mitre.oval:def:10509 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10509 VUPEN:ADV-2007-4142 URL:http://www.vupen.com/english/advisories/2007/4142 VUPEN:ADV-2007-4198 URL:http://www.vupen.com/english/advisories/2007/4198 VUPEN:ADV-2008-0560 URL:http://www.vupen.com/english/advisories/2008/0560/references VUPEN:ADV-2008-1000 URL:http://www.vupen.com/english/advisories/2008/1000/references VUPEN:ADV-2008-2780 URL:http://www.vupen.com/english/advisories/2008/2780 SECTRACK:1019060 URL:http://www.securitytracker.com/id?1019060 SECUNIA:27981 URL:http://secunia.com/advisories/27981 SECUNIA:28040 URL:http://secunia.com/advisories/28040 SECUNIA:28063 URL:http://secunia.com/advisories/28063 SECUNIA:28025 URL:http://secunia.com/advisories/28025 SECUNIA:28108 URL:http://secunia.com/advisories/28108 SECUNIA:28099 URL:http://secunia.com/advisories/28099 SECUNIA:28128 URL:http://secunia.com/advisories/28128 SECUNIA:28343 URL:http://secunia.com/advisories/28343 SECUNIA:28559 URL:http://secunia.com/advisories/28559 SECUNIA:28838 URL:http://secunia.com/advisories/28838 SECUNIA:29706 URL:http://secunia.com/advisories/29706 SECUNIA:32222 URL:http://secunia.com/advisories/32222
Assigning CNA
N/A
Date Entry Created
20071114	Disclaimer: The entry creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20071114)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an entry on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: cve@mitre.org

Use of the Common Vulnerabilities and Exposures (CVE®) List and the associated references from this website are subject to the terms of use. CVE is sponsored by US-CERT in the office of Cybersecurity and Communications at the U.S. Department of Homeland Security. Copyright © 1999–2018, The MITRE Corporation. CVE and the CVE logo are registered trademarks of The MITRE Corporation. For more information, please contact us.