PT-2007-6896 · MySQL Server+1 · MySQL Community Server+3

Published: 2007-12-10 · Updated: 2024-06-15 · CVE-2007-5969

CVSS v2.0: 7.1 (High)

Vector: AV:N/AC:H/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

MySQL Community Server versions 5.0.x through 5.0.50
MySQL Enterprise Server versions 5.0.x through 5.0.51
MySQL Server versions 5.1.x through 5.1.22
MySQL Server versions 6.0.x through 6.0.3

Description

The issue allows remote authenticated users to gain privileges by overwriting system table information. This is achieved through a RENAME TABLE statement that changes a symlink, created using explicit DATA DIRECTORY and INDEX DIRECTORY options, to point to an existing file.

Recommendations

For MySQL Community Server versions 5.0.x through 5.0.50, update to version 5.0.51 or later.
For MySQL Enterprise Server versions 5.0.x through 5.0.51, update to version 5.0.52 or later.
For MySQL Server versions 5.1.x through 5.1.22, update to version 5.1.23 or later.
For MySQL Server versions 6.0.x through 6.0.3, update to version 6.0.4 or later.

Exploit

Fix

Weakness Enumeration

Related Identifiers

CVE-2007-5969
DSA-1451-1
OPENSUSE-SU-2024:11038-1
RHSA-2007:1155
RHSA-2007:1157
RHSA-2007_1155
SUSE-RU-2023:3956-1
SUSE-RU-2023:4991-1

Affected Products

MySQL Community Server
MySQL Enterprise Server
MySQL Server
Red Hat