Описание
MySQL Community Server 5.0.x before 5.0.51, Enterprise Server 5.0.x before 5.0.52, Server 5.1.x before 5.1.23, and Server 6.0.x before 6.0.4, when a table relies on symlinks created through explicit DATA DIRECTORY and INDEX DIRECTORY options, allows remote authenticated users to overwrite system table information and gain privileges via a RENAME TABLE statement that changes the symlink to point to an existing file.
MySQL Community Server 5.0.x before 5.0.51, Enterprise Server 5.0.x before 5.0.52, Server 5.1.x before 5.1.23, and Server 6.0.x before 6.0.4, when a table relies on symlinks created through explicit DATA DIRECTORY and INDEX DIRECTORY options, allows remote authenticated users to overwrite system table information and gain privileges via a RENAME TABLE statement that changes the symlink to point to an existing file.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2007-5969
- https://issues.rpath.com/browse/RPL-1999
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10509
- https://usn.ubuntu.com/559-1
- https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00467.html
- https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00475.html
- http://bugs.mysql.com/32111
- http://dev.mysql.com/doc/refman/4.1/en/news-4-1-24.html
- http://dev.mysql.com/doc/refman/5.0/en/releasenotes-cs-5-0-51.html
- http://dev.mysql.com/doc/refman/5.0/en/releasenotes-es-5-0-52.html
- http://forums.mysql.com/read.php?3%2C186931%2C186931
- http://forums.mysql.com/read.php?3,186931,186931
- http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html
- http://lists.mysql.com/announce/495
- http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00003.html
- http://secunia.com/advisories/27981
- http://secunia.com/advisories/28025
- http://secunia.com/advisories/28040
- http://secunia.com/advisories/28063
- http://secunia.com/advisories/28099
- http://secunia.com/advisories/28108
- http://secunia.com/advisories/28128
- http://secunia.com/advisories/28343
- http://secunia.com/advisories/28559
- http://secunia.com/advisories/28838
- http://secunia.com/advisories/29706
- http://secunia.com/advisories/32222
- http://security.gentoo.org/glsa/glsa-200804-04.xml
- http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.428959
- http://support.apple.com/kb/HT3216
- http://www.debian.org/security/2008/dsa-1451
- http://www.mandriva.com/security/advisories?name=MDKSA-2007:243
- http://www.redhat.com/support/errata/RHSA-2007-1155.html
- http://www.redhat.com/support/errata/RHSA-2007-1157.html
- http://www.securityfocus.com/archive/1/486477/100/0/threaded
- http://www.securityfocus.com/bid/26765
- http://www.securityfocus.com/bid/31681
- http://www.securitytracker.com/id?1019060
- http://www.vupen.com/english/advisories/2007/4142
- http://www.vupen.com/english/advisories/2007/4198
- http://www.vupen.com/english/advisories/2008/0560/references
- http://www.vupen.com/english/advisories/2008/1000/references
- http://www.vupen.com/english/advisories/2008/2780
EPSS
CVE ID
Связанные уязвимости
MySQL Community Server 5.0.x before 5.0.51, Enterprise Server 5.0.x before 5.0.52, Server 5.1.x before 5.1.23, and Server 6.0.x before 6.0.4, when a table relies on symlinks created through explicit DATA DIRECTORY and INDEX DIRECTORY options, allows remote authenticated users to overwrite system table information and gain privileges via a RENAME TABLE statement that changes the symlink to point to an existing file.
MySQL Community Server 5.0.x before 5.0.51, Enterprise Server 5.0.x before 5.0.52, Server 5.1.x before 5.1.23, and Server 6.0.x before 6.0.4, when a table relies on symlinks created through explicit DATA DIRECTORY and INDEX DIRECTORY options, allows remote authenticated users to overwrite system table information and gain privileges via a RENAME TABLE statement that changes the symlink to point to an existing file.
MySQL Community Server 5.0.x before 5.0.51, Enterprise Server 5.0.x before 5.0.52, Server 5.1.x before 5.1.23, and Server 6.0.x before 6.0.4, when a table relies on symlinks created through explicit DATA DIRECTORY and INDEX DIRECTORY options, allows remote authenticated users to overwrite system table information and gain privileges via a RENAME TABLE statement that changes the symlink to point to an existing file.
MySQL Community Server 5.0.x before 5.0.51, Enterprise Server 5.0.x be ...
ELSA-2007-1155: Important: mysql security update (IMPORTANT)
EPSS