CVE-2007-2691 - Secunia Advisories - Vulnerability Intelligence

CVE Reference: CVE-2007-2691
NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE: CVE-2007-2691

Description: MySQL before 4.1.23, 5.0.x before 5.0.42, and 5.1.x before 5.1.18 does not require the DROP privilege for RENAME TABLE statements, which allows remote authenticated users to rename arbitrary tables.

CVE Status: Candidate

References: XF http://xforce.iss.net/xforce/xfdb/34347 UBUNTU http://www.ubuntulinux.org/support/documentation/usn/usn-528-1 SUSE http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00003.html ST 1018069 SAID Secunia Advisory: SA31226 Secunia Advisory: SA28838 Secunia Advisory: SA27823 Secunia Advisory: SA26073 Secunia Advisory: SA27155 Secunia Advisory: SA26430 Secunia Advisory: SA25301 Secunia Advisory: SA25946 Secunia Advisory: SA32222 REDHAT http://www.redhat.com/support/errata/RHSA-2008-0768.html http://www.redhat.com/support/errata/RHSA-2007-0894.html MLIST http://lists.mysql.com/announce/470 MISC http://bugs.mysql.com/bug.php?id=27515 MANDRIVA http://www.mandriva.com/security/advisories?name=MDKSA-2007:139 DEBIAN http://www.debian.org/security/2007/dsa-1413 CONFIRM http://support.apple.com/kb/HT3216 http://dev.mysql.com/doc/refman/5.1/en/news-5-1-18.html BUGTRAQ http://www.securityfocus.com/archive/1/archive/1/473874/100/0/threaded BID 31681 24016 APPLE http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html

Return to the previous page.