CVE-2007-2691

Опубликовано: 16 мая 2007

Источник: nvd

CVSS2: 4.9

EPSS Низкий

Описание

MySQL before 4.1.23, 5.0.x before 5.0.42, and 5.1.x before 5.1.18 does not require the DROP privilege for RENAME TABLE statements, which allows remote authenticated users to rename arbitrary tables.

Ссылки

http://bugs.mysql.com/bug.php?id=27515
Vendor Advisory
http://dev.mysql.com/doc/refman/5.1/en/news-5-1-18.html
Patch
Vendor Advisory
http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html
Mailing List
Third Party Advisory
http://lists.mysql.com/announce/470
Vendor Advisory
http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00003.html
Third Party Advisory
http://osvdb.org/34766
Broken Link
http://secunia.com/advisories/25301
Third Party Advisory
http://secunia.com/advisories/25946
Third Party Advisory
http://secunia.com/advisories/26073
Third Party Advisory
http://secunia.com/advisories/26430
Third Party Advisory
http://secunia.com/advisories/27155
Third Party Advisory
http://secunia.com/advisories/27823
Third Party Advisory
http://secunia.com/advisories/28838
Third Party Advisory
http://secunia.com/advisories/30351
Third Party Advisory
http://secunia.com/advisories/31226
Third Party Advisory
http://secunia.com/advisories/32222
Third Party Advisory
http://support.apple.com/kb/HT3216
Third Party Advisory
http://www.debian.org/security/2007/dsa-1413
Third Party Advisory
http://www.mandriva.com/security/advisories?name=MDKSA-2007:139
Third Party Advisory
http://www.redhat.com/support/errata/RHSA-2007-0894.html
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:mysql:mysql:*:*:*:*:*:*:*:*

Версия до 4.1.22 (включая)

cpe:2.3:a:mysql:mysql:*:*:*:*:*:*:*:*

Версия от 5.0 (включая) до 5.0.42 (исключая)

cpe:2.3:a:mysql:mysql:*:*:*:*:*:*:*:*

Версия от 5.1 (включая) до 5.1.18 (исключая)

Конфигурация 2

Одно из

cpe:2.3:o:debian:debian_linux:3.1:*:*:*:*:*:*:*

cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*

Конфигурация 3

Одно из

cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:lts:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:6.10:*:*:*:*:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:7.04:*:*:*:*:*:*:*

EPSS

Процентиль: 76%

0.01016

Низкий

4.9 Medium

CVSS2

Дефекты

NVD-CWE-Other

Связанные уязвимости

CVE-2007-2691

ubuntu

около 18 лет назад

MySQL before 4.1.23, 5.0.x before 5.0.42, and 5.1.x before 5.1.18 does not require the DROP privilege for RENAME TABLE statements, which allows remote authenticated users to rename arbitrary tables.

CVE-2007-2691

redhat

около 18 лет назад

MySQL before 4.1.23, 5.0.x before 5.0.42, and 5.1.x before 5.1.18 does not require the DROP privilege for RENAME TABLE statements, which allows remote authenticated users to rename arbitrary tables.

CVE-2007-2691

debian

около 18 лет назад

MySQL before 4.1.23, 5.0.x before 5.0.42, and 5.1.x before 5.1.18 does ...

GHSA-2xc6-gj77-5g2j

github

около 3 лет назад

MySQL before 4.1.23, 5.0.x before 5.0.42, and 5.1.x before 5.1.18 does not require the DROP privilege for RENAME TABLE statements, which allows remote authenticated users to rename arbitrary tables.

ELSA-2008-0364

oracle-oval

около 17 лет назад

ELSA-2008-0364: mysql security and bug fix update (LOW)

EPSS

Процентиль: 76%

0.01016

Низкий

4.9 Medium

CVSS2

Дефекты

NVD-CWE-Other