CVE-2007-2691

MEDIUM

Description

MySQL before 4.1.23, 5.0.x before 5.0.42, and 5.1.x before 5.1.18 does not require the DROP privilege for RENAME TABLE statements, which allows remote authenticated users to rename arbitrary tables.

References

http://bugs.mysql.com/bug.php?id=27515

http://dev.mysql.com/doc/refman/5.1/en/news-5-1-18.html

http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html

http://lists.mysql.com/announce/470

http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00003.html

http://osvdb.org/34766

http://secunia.com/advisories/25301

http://secunia.com/advisories/25946

http://secunia.com/advisories/26073

http://secunia.com/advisories/26430

http://secunia.com/advisories/27155

http://secunia.com/advisories/27823

http://secunia.com/advisories/28838

http://secunia.com/advisories/30351

http://secunia.com/advisories/31226

http://secunia.com/advisories/32222

http://support.apple.com/kb/HT3216

http://www.debian.org/security/2007/dsa-1413

http://www.mandriva.com/security/advisories?name=MDKSA-2007:139

http://www.redhat.com/support/errata/RHSA-2007-0894.html

http://www.redhat.com/support/errata/RHSA-2008-0364.html

http://www.redhat.com/support/errata/RHSA-2008-0768.html

http://www.securityfocus.com/archive/1/473874/100/0/threaded

http://www.securityfocus.com/bid/24016

http://www.securityfocus.com/bid/31681

http://www.securitytracker.com/id?1018069

http://www.vupen.com/english/advisories/2007/1804

http://www.vupen.com/english/advisories/2008/2780

https://exchange.xforce.ibmcloud.com/vulnerabilities/34347

https://issues.rpath.com/browse/RPL-1536

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9559

https://usn.ubuntu.com/528-1/

Details

Source: MITRE

Published: 2007-05-16

Updated: 2018-10-19

Risk Information

CVSS v2.0

Base Score: 4.9

Vector: (AV:N/AC:M/Au:S/C:N/I:P/A:P)

Impact Score: 4.9

Exploitability Score: 6.8

Severity: MEDIUM