FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2007-2691

This CVE name corresponds to:

Entered Topic
2009-01-11 mysql -- renaming of arbitrary tables by authenticated users

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

CVE-2007-2691 at cve.mitre.org

Details

Type Candidate
Name CVE-2007-2691
Phase Assigned(20070515)

Description

MySQL before 4.1.23, 5.0.x before 5.0.42, and 5.1.x before 5.1.18 does not require the DROP privilege for RENAME TABLE statements, which allows remote authenticated users to rename arbitrary tables.

References

Source Reference
BUGTRAQ 20070717 rPSA-2007-0143-1 mysql mysql-bench mysql-server
MLIST [announce] 20070712 MySQL Community Server 5.0.45 has been released!
MISC http://bugs.mysql.com/bug.php?id=27515
CONFIRM https://issues.rpath.com/browse/RPL-1536
CONFIRM http://dev.mysql.com/doc/refman/5.1/en/news-5-1-18.html
CONFIRM http://support.apple.com/kb/HT3216
APPLE APPLE-SA-2008-10-09
DEBIAN DSA-1413
MANDRIVA MDKSA-2007:139
REDHAT RHSA-2007:0894
REDHAT RHSA-2008:0768
REDHAT RHSA-2008:0364
SUSE SUSE-SR:2008:003
UBUNTU USN-528-1
BID 24016
BID 31681
OSVDB 34766
OVAL oval:org.mitre.oval:def:9559
SECUNIA 30351
VUPEN ADV-2007-1804
VUPEN ADV-2008-2780
SECTRACK 1018069
SECUNIA 25301
SECUNIA 25946
SECUNIA 26073
SECUNIA 27155
SECUNIA 26430
SECUNIA 27823
SECUNIA 28838
SECUNIA 31226
SECUNIA 32222
XF mysql-renametable-weak-security(34347)

Copyright © 2005 The MITRE Corporation.

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.