ID CVE-2007-2691
Summary MySQL before 4.1.23, 5.0.x before 5.0.42, and 5.1.x before 5.1.18 does not require the DROP privilege for RENAME TABLE statements, which allows remote authenticated users to rename arbitrary tables.
References
Vulnerable Configurations
  • MySQL MySQL 4.1.22
    cpe:2.3:a:mysql:mysql:4.1.22
  • MySQL 5.0.23
    cpe:2.3:a:mysql:mysql:5.0.23
  • MySQL 5.0.24a
    cpe:2.3:a:mysql:mysql:5.0.24a
  • MySQL 5.0.25
    cpe:2.3:a:mysql:mysql:5.0.25
  • MySQL 5.0.26
    cpe:2.3:a:mysql:mysql:5.0.26
  • MySQL 5.1
    cpe:2.3:a:mysql:mysql:5.1
  • MySQL 5.1.1
    cpe:2.3:a:mysql:mysql:5.1.1
  • MySQL 5.1.2
    cpe:2.3:a:mysql:mysql:5.1.2
  • MySQL 5.1.3
    cpe:2.3:a:mysql:mysql:5.1.3
  • MySQL 5.1.4
    cpe:2.3:a:mysql:mysql:5.1.4
  • MySQL 5.1.5
    cpe:2.3:a:mysql:mysql:5.1.5
  • MySQL 5.1.5a
    cpe:2.3:a:mysql:mysql:5.1.5a
  • MySQL 5.1.6
    cpe:2.3:a:mysql:mysql:5.1.6
  • MySQL 5.1.7
    cpe:2.3:a:mysql:mysql:5.1.7
  • MySQL 5.1.8
    cpe:2.3:a:mysql:mysql:5.1.8
  • MySQL 5.1.9
    cpe:2.3:a:mysql:mysql:5.1.9
  • MySQL 5.1.10
    cpe:2.3:a:mysql:mysql:5.1.10
  • MySQL 5.1.11
    cpe:2.3:a:mysql:mysql:5.1.11
  • MySQL 5.1.12
    cpe:2.3:a:mysql:mysql:5.1.12
  • MySQL 5.1.13
    cpe:2.3:a:mysql:mysql:5.1.13
  • MySQL 5.1.14
    cpe:2.3:a:mysql:mysql:5.1.14
  • MySQL 5.1.15
    cpe:2.3:a:mysql:mysql:5.1.15
  • MySQL 5.1.16
    cpe:2.3:a:mysql:mysql:5.1.16
  • MySQL 5.1.17
    cpe:2.3:a:mysql:mysql:5.1.17
  • Debian Debian Linux 3.1
    cpe:2.3:o:debian:debian_linux:3.1
  • Debian GNU/Linux 4.0
    cpe:2.3:o:debian:debian_linux:4.0
  • Canonical Ubuntu Linux 6.06 LTS (Long-Term Support)
    cpe:2.3:o:canonical:ubuntu_linux:6.06:-:-:-:lts
  • Canonical Ubuntu Linux 6.10
    cpe:2.3:o:canonical:ubuntu_linux:6.10
  • Canonical Ubuntu Linux 7.04
    cpe:2.3:o:canonical:ubuntu_linux:7.04
CVSS
Base: 4.9 (as of 17-05-2007 - 09:56)
Impact:
Exploitability:
Access
VectorComplexityAuthentication
NETWORK MEDIUM SINGLE_INSTANCE
Impact
ConfidentialityIntegrityAvailability
NONE PARTIAL PARTIAL
nessus via4
  • NASL family Databases
    NASL id MYSQL_4_1_23_5_0_42.NASL
    description The version of MySQL installed on the remote host is older than 4.1.23 or 5.0.42. As such, it reportedly allows a remote, authenticated user without the DROP privilege to rename arbitrary tables.
    last seen 2019-02-21
    modified 2018-07-16
    plugin id 17829
    published 2012-01-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=17829
    title MySQL < 4.1.23 / 5.0.42 Access Control Vulnerability
  • NASL family FreeBSD Local Security Checks
    NASL id FREEBSD_PKG_BB4E9A44DFF211DDA7650030843D3802.NASL
    description MySQL reports : The requirement of the DROP privilege for RENAME TABLE was not enforced.
    last seen 2019-02-21
    modified 2018-11-23
    plugin id 35342
    published 2009-01-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=35342
    title FreeBSD : mysql -- renaming of arbitrary tables by authenticated users (bb4e9a44-dff2-11dd-a765-0030843d3802)
  • NASL family Mandriva Local Security Checks
    NASL id MANDRAKE_MDKSA-2007-177.NASL
    description A vulnerability was found in MySQL's authentication protocol, making it possible for a remote unauthenticated attacker to send a specially crafted authentication request to the MySQL server causing it to crash (CVE-2007-3780). Another flaw was discovered in MySQL that allowed remote authenticated users to gain update privileges for a table in another database via a view that refers to the external table (CVE-2007-3782). Updated packages have been patched to prevent these issues.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 26009
    published 2007-09-07
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=26009
    title Mandrake Linux Security Advisory : MySQL (MDKSA-2007:177)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2008-0768.NASL
    description Updated mysql packages that fix various security issues, several bugs, and add an enhancement are now available for Red Hat Enterprise Linux 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team. MySQL is a multi-user, multi-threaded SQL database server. MySQL is a client/server implementation consisting of a server daemon (mysqld), and many different client programs and libraries. MySQL did not correctly check directories used as arguments for the DATA DIRECTORY and INDEX DIRECTORY directives. Using this flaw, an authenticated attacker could elevate their access privileges to tables created by other database users. Note: this attack does not work on existing tables. An attacker can only elevate their access to another user's tables as the tables are created. As well, the names of these created tables need to be predicted correctly for this attack to succeed. (CVE-2008-2079) MySQL did not require the 'DROP' privilege for 'RENAME TABLE' statements. An authenticated user could use this flaw to rename arbitrary tables. (CVE-2007-2691) MySQL allowed an authenticated user to access a table through a previously created MERGE table, even after the user's privileges were revoked from the original table, which might violate intended security policy. This is addressed by allowing the MERGE storage engine to be disabled, which can be done by running mysqld with the '--skip-merge' option. (CVE-2006-4031) A flaw in MySQL allowed an authenticated user to cause the MySQL daemon to crash via crafted SQL queries. This only caused a temporary denial of service, as the MySQL daemon is automatically restarted after the crash. (CVE-2006-3469) As well, these updated packages fix the following bugs : * in the previous mysql packages, if a column name was referenced more than once in an 'ORDER BY' section of a query, a segmentation fault occurred. * when MySQL failed to start, the init script returned a successful (0) exit code. When using the Red Hat Cluster Suite, this may have caused cluster services to report a successful start, even when MySQL failed to start. In these updated packages, the init script returns the correct exit codes, which resolves this issue. * it was possible to use the mysqld_safe command to specify invalid port numbers (higher than 65536), causing invalid ports to be created, and, in some cases, a 'port number definition: unsigned short' error. In these updated packages, when an invalid port number is specified, the default port number is used. * when setting 'myisam_repair_threads > 1', any repair set the index cardinality to '1', regardless of the table size. * the MySQL init script no longer runs 'chmod -R' on the entire database directory tree during every startup. * when running 'mysqldump' with the MySQL 4.0 compatibility mode option, '--compatible=mysql40', mysqldump created dumps that omitted the 'auto_increment' field. As well, the MySQL init script now uses more reliable methods for determining parameters, such as the data directory location. Note: these updated packages upgrade MySQL to version 4.1.22. For a full list of bug fixes and enhancements, refer to the MySQL release notes: http://dev.mysql.com/doc/refman/4.1/en/news-4-1-22.html All mysql users are advised to upgrade to these updated packages, which resolve these issues and add this enhancement.
    last seen 2019-02-21
    modified 2018-11-27
    plugin id 33585
    published 2008-07-25
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=33585
    title RHEL 4 : mysql (RHSA-2008:0768)
  • NASL family MacOS X Local Security Checks
    NASL id MACOSX_SECUPD2008-007.NASL
    description The remote host is running a version of Mac OS X 10.5 or 10.4 that does not have the security update 2008-007 applied. This security update contains fixes for the following products : - Apache - Certificates - ClamAV - ColorSync - CUPS - Finder - launchd - libxslt - MySQL Server - Networking - PHP - Postfix - PSNormalizer - QuickLook - rlogin - Script Editor - Single Sign-On - Tomcat - vim - Weblog
    last seen 2019-02-21
    modified 2018-07-14
    plugin id 34374
    published 2008-10-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=34374
    title Mac OS X Multiple Vulnerabilities (Security Update 2008-007)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20080521_MYSQL_ON_SL5_X.NASL
    description MySQL did not require privileges such as 'SELECT' for the source table in a 'CREATE TABLE LIKE' statement. An authenticated user could obtain sensitive information, such as the table structure. (CVE-2007-3781) A flaw was discovered in MySQL that allowed an authenticated user to gain update privileges for a table in another database, via a view that refers to the external table. (CVE-2007-3782) MySQL did not require the 'DROP' privilege for 'RENAME TABLE' statements. An authenticated user could use this flaw to rename arbitrary tables. (CVE-2007-2691) A flaw was discovered in the mysql_change_db function when returning from SQL SECURITY INVOKER stored routines. An authenticated user could use this flaw to gain database privileges. (CVE-2007-2692) MySQL allowed an authenticated user to bypass logging mechanisms via SQL queries that contain the NULL character, which were not properly handled by the mysql_real_query function. (CVE-2006-0903) MySQL allowed an authenticated user to access a table through a previously created MERGE table, even after the user's privileges were revoked from the original table, which might violate intended security policy. This is addressed by allowing the MERGE storage engine to be disabled, which can be done by running mysqld with the '--skip-merge' option. (CVE-2006-4031) MySQL evaluated arguments in the wrong security context, which allowed an authenticated user to gain privileges through a routine that had been made available using 'GRANT EXECUTE'. (CVE-2006-4227) Multiple flaws in MySQL allowed an authenticated user to cause the MySQL daemon to crash via crafted SQL queries. This only caused a temporary denial of service, as the MySQL daemon is automatically restarted after the crash. (CVE-2006-7232, CVE-2007-1420, CVE-2007-2583) As well, these updated packages fix the following bugs : - a separate counter was used for 'insert delayed' statements, which caused rows to be discarded. In these updated packages, 'insert delayed' statements no longer use a separate counter, which resolves this issue. - due to a bug in the Native POSIX Thread Library, in certain situations, 'flush tables' caused a deadlock on tables that had a read lock. The mysqld daemon had to be killed forcefully. Now, 'COND_refresh' has been replaced with 'COND_global_read_lock', which resolves this issue. - mysqld crashed if a query for an unsigned column type contained a negative value for a 'WHERE [column] NOT IN' subquery. - in master and slave server situations, specifying 'on duplicate key update' for 'insert' statements did not update slave servers. - in the mysql client, empty strings were displayed as 'NULL'. For example, running 'insert into [table-name] values (' ');' resulted in a 'NULL' entry being displayed when querying the table using 'select * from [table-name];'. - a bug in the optimizer code resulted in certain queries executing much slower than expected. - on 64-bit PowerPC architectures, MySQL did not calculate the thread stack size correctly, which could have caused MySQL to crash when overly-complex queries were used. Note: these updated packages upgrade MySQL to version 5.0.45. For a full list of bug fixes and enhancements, refer to the MySQL release notes: http://dev.mysql.com/doc/refman/5.0/en/releasenotes-cs-5-0.html
    last seen 2019-02-21
    modified 2019-01-07
    plugin id 60406
    published 2012-08-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=60406
    title Scientific Linux Security Update : mysql on SL5.x i386/x86_64
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20080724_MYSQL_ON_SL4_X.NASL
    description MySQL did not correctly check directories used as arguments for the DATA DIRECTORY and INDEX DIRECTORY directives. Using this flaw, an authenticated attacker could elevate their access privileges to tables created by other database users. Note: this attack does not work on existing tables. An attacker can only elevate their access to another user's tables as the tables are created. As well, the names of these created tables need to be predicted correctly for this attack to succeed. (CVE-2008-2079) MySQL did not require the 'DROP' privilege for 'RENAME TABLE' statements. An authenticated user could use this flaw to rename arbitrary tables. (CVE-2007-2691) MySQL allowed an authenticated user to access a table through a previously created MERGE table, even after the user's privileges were revoked from the original table, which might violate intended security policy. This is addressed by allowing the MERGE storage engine to be disabled, which can be done by running mysqld with the '--skip-merge' option. (CVE-2006-4031) A flaw in MySQL allowed an authenticated user to cause the MySQL daemon to crash via crafted SQL queries. This only caused a temporary denial of service, as the MySQL daemon is automatically restarted after the crash. (CVE-2006-3469) As well, these updated packages fix the following bugs : - in the previous mysql packages, if a column name was referenced more than once in an 'ORDER BY' section of a query, a segmentation fault occurred. - when MySQL failed to start, the init script returned a successful (0) exit code. When using the Red Hat Cluster Suite, this may have caused cluster services to report a successful start, even when MySQL failed to start. In these updated packages, the init script returns the correct exit codes, which resolves this issue. - it was possible to use the mysqld_safe command to specify invalid port numbers (higher than 65536), causing invalid ports to be created, and, in some cases, a 'port number definition: unsigned short' error. In these updated packages, when an invalid port number is specified, the default port number is used. - when setting 'myisam_repair_threads > 1', any repair set the index cardinality to '1', regardless of the table size. - the MySQL init script no longer runs 'chmod -R' on the entire database directory tree during every startup. - when running 'mysqldump' with the MySQL 4.0 compatibility mode option, '--compatible=mysql40', mysqldump created dumps that omitted the 'auto_increment' field. As well, the MySQL init script now uses more reliable methods for determining parameters, such as the data directory location. Note: these updated packages upgrade MySQL to version 4.1.22. For a full list of bug fixes and enhancements, refer to the MySQL release notes: http://dev.mysql.com/doc/refman/4.1/en/news-4-1-22.html
    last seen 2019-02-21
    modified 2019-01-07
    plugin id 60451
    published 2012-08-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=60451
    title Scientific Linux Security Update : mysql on SL4.x i386/x86_64
  • NASL family Mandriva Local Security Checks
    NASL id MANDRAKE_MDKSA-2007-139.NASL
    description MySQL 5.x before 5.0.36 allows local users to cause a denial of service (database crash) by performing information_schema table subselects and using ORDER BY to sort a single-row result, which prevents certain structure elements from being initialized and triggers a NULL dereference in the filesort function. This issue does not affect MySQL 5.0.37 in Mandriva Linux 2007.1. (CVE-2007-1420) The in_decimal::set function in item_cmpfunc.cc in MySQL before 5.0.40, and 5.1 before 5.1.18-beta, allows context-dependent attackers to cause a denial of service (crash) via a crafted IF clause that results in a divide-by-zero error and a NULL pointer dereference. (CVE-2007-2583) MySQL before 4.1.23, 5.0.x before 5.0.42, and 5.1.x before 5.1.18 does not require the DROP privilege for RENAME TABLE statements, which allows remote authenticated users to rename arbitrary tables. (CVE-2007-2691) Updated packages have been patched to prevent the above issues.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 25669
    published 2007-07-05
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=25669
    title Mandrake Linux Security Advisory : MySQL (MDKSA-2007:139)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-528-1.NASL
    description Neil Kettle discovered that MySQL could be made to dereference a NULL pointer and divide by zero. An authenticated user could exploit this with a crafted IF clause, leading to a denial of service. (CVE-2007-2583) Victoria Reznichenko discovered that MySQL did not always require the DROP privilege. An authenticated user could exploit this via RENAME TABLE statements to rename arbitrary tables, possibly gaining additional database access. (CVE-2007-2691) It was discovered that MySQL could be made to overflow a signed char during authentication. Remote attackers could use crafted authentication requests to cause a denial of service. (CVE-2007-3780) Phil Anderton discovered that MySQL did not properly verify access privileges when accessing external tables. As a result, authenticated users could exploit this to obtain UPDATE privileges to external tables. (CVE-2007-3782) In certain situations, when installing or upgrading mysql, there was no notification that the mysql root user password needed to be set. If the password was left unset, attackers would be able to obtain unrestricted access to mysql. This is now checked during mysql start-up. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-28
    plugin id 28133
    published 2007-11-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=28133
    title Ubuntu 6.06 LTS / 6.10 / 7.04 : mysql-dfsg-5.0 vulnerabilities (USN-528-1)
  • NASL family Databases
    NASL id MYSQL_5_1_18.NASL
    description The version of MySQL installed on the remote host reportedly is affected by several issues : - Evaluation of an 'IN()' predicate with a decimal-valued argument causes a service crash. - A user can rename a table even though he does not have DROP privileges. - If a stored routine is declared as 'SQL SECURITY INVOKER', a user may be able to gain privileges by invoking that routine. - A user with only ALTER privileges on a partitioned table can discover information about the table that should require SELECT privileges.
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 25242
    published 2007-05-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=25242
    title MySQL 5.1 < 5.1.18 Multiple Vulnerabilities
  • NASL family SuSE Local Security Checks
    NASL id SUSE9_12044.NASL
    description This update fixes several security vulnerabilities (note: not all versions are affected by every bug) : - CVE-2007-2583 - CVE-2007-2691 - CVE-2007-2692 - CVE-2007-5925 - CVE-2007-5969 - CVE-2007-6303 - CVE-2007-6304
    last seen 2019-02-21
    modified 2016-12-21
    plugin id 41184
    published 2009-09-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=41184
    title SuSE9 Security Update : MySQL (YOU Patch Number 12044)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2008-0364.NASL
    description Updated mysql packages that fix various security issues and several bugs are now available for Red Hat Enterprise Linux 5. This update has been rated as having low security impact by the Red Hat Security Response Team. MySQL is a multi-user, multi-threaded SQL database server. MySQL is a client/server implementation consisting of a server daemon (mysqld), and many different client programs and libraries. MySQL did not require privileges such as 'SELECT' for the source table in a 'CREATE TABLE LIKE' statement. An authenticated user could obtain sensitive information, such as the table structure. (CVE-2007-3781) A flaw was discovered in MySQL that allowed an authenticated user to gain update privileges for a table in another database, via a view that refers to the external table. (CVE-2007-3782) MySQL did not require the 'DROP' privilege for 'RENAME TABLE' statements. An authenticated user could use this flaw to rename arbitrary tables. (CVE-2007-2691) A flaw was discovered in the mysql_change_db function when returning from SQL SECURITY INVOKER stored routines. An authenticated user could use this flaw to gain database privileges. (CVE-2007-2692) MySQL allowed an authenticated user to bypass logging mechanisms via SQL queries that contain the NULL character, which were not properly handled by the mysql_real_query function. (CVE-2006-0903) MySQL allowed an authenticated user to access a table through a previously created MERGE table, even after the user's privileges were revoked from the original table, which might violate intended security policy. This is addressed by allowing the MERGE storage engine to be disabled, which can be done by running mysqld with the '--skip-merge' option. (CVE-2006-4031) MySQL evaluated arguments in the wrong security context, which allowed an authenticated user to gain privileges through a routine that had been made available using 'GRANT EXECUTE'. (CVE-2006-4227) Multiple flaws in MySQL allowed an authenticated user to cause the MySQL daemon to crash via crafted SQL queries. This only caused a temporary denial of service, as the MySQL daemon is automatically restarted after the crash. (CVE-2006-7232, CVE-2007-1420, CVE-2007-2583) As well, these updated packages fix the following bugs : * a separate counter was used for 'insert delayed' statements, which caused rows to be discarded. In these updated packages, 'insert delayed' statements no longer use a separate counter, which resolves this issue. * due to a bug in the Native POSIX Thread Library, in certain situations, 'flush tables' caused a deadlock on tables that had a read lock. The mysqld daemon had to be killed forcefully. Now, 'COND_refresh' has been replaced with 'COND_global_read_lock', which resolves this issue. * mysqld crashed if a query for an unsigned column type contained a negative value for a 'WHERE [column] NOT IN' subquery. * in master and slave server situations, specifying 'on duplicate key update' for 'insert' statements did not update slave servers. * in the mysql client, empty strings were displayed as 'NULL'. For example, running 'insert into [table-name] values (' ');' resulted in a 'NULL' entry being displayed when querying the table using 'select * from [table-name];'. * a bug in the optimizer code resulted in certain queries executing much slower than expected. * on 64-bit PowerPC architectures, MySQL did not calculate the thread stack size correctly, which could have caused MySQL to crash when overly-complex queries were used. Note: these updated packages upgrade MySQL to version 5.0.45. For a full list of bug fixes and enhancements, refer to the MySQL release notes: http://dev.mysql.com/doc/refman/5.0/en/releasenotes-cs-5-0.html All mysql users are advised to upgrade to these updated packages, which resolve these issues.
    last seen 2019-02-21
    modified 2018-11-27
    plugin id 32425
    published 2008-05-22
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=32425
    title RHEL 5 : mysql (RHSA-2008:0364)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_LIBMYSQLCLIENT-DEVEL-4873.NASL
    description This update fixes several security vulnerabilities (note: not all versions are affected by every bug) : - CVE-2007-2583 - CVE-2007-2691 - CVE-2007-2692 - CVE-2007-5925 - CVE-2007-5969 - CVE-2007-6303 - CVE-2007-6304
    last seen 2019-02-21
    modified 2016-12-22
    plugin id 30180
    published 2008-02-05
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=30180
    title openSUSE 10 Security Update : libmysqlclient-devel (libmysqlclient-devel-4873)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-1413.NASL
    description Several vulnerabilities have been found in the MySQL database packages with implications ranging from unauthorized database modifications to remotely triggered server crashes. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2007-2583 The in_decimal::set function in item_cmpfunc.cc in MySQL before 5.0.40 allows context-dependent attackers to cause a denial of service (crash) via a crafted IF clause that results in a divide-by-zero error and a NULL pointer dereference. (Affects source version 5.0.32.) - CVE-2007-2691 MySQL does not require the DROP privilege for RENAME TABLE statements, which allows remote authenticated users to rename arbitrary tables. (All supported versions affected.) - CVE-2007-2692 The mysql_change_db function does not restore THD::db_access privileges when returning from SQL SECURITY INVOKER stored routines, which allows remote authenticated users to gain privileges. (Affects source version 5.0.32.) - CVE-2007-3780 MySQL could be made to overflow a signed char during authentication. Remote attackers could use specially crafted authentication requests to cause a denial of service. (Upstream source versions 4.1.11a and 5.0.32 affected.) - CVE-2007-3782 Phil Anderton discovered that MySQL did not properly verify access privileges when accessing external tables. As a result, authenticated users could exploit this to obtain UPDATE privileges to external tables. (Affects source version 5.0.32.) - CVE-2007-5925 The convert_search_mode_to_innobase function in ha_innodb.cc in the InnoDB engine in MySQL 5.1.23-BK and earlier allows remote authenticated users to cause a denial of service (database crash) via a certain CONTAINS operation on an indexed column, which triggers an assertion error. (Affects source version 5.0.32.)
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 28336
    published 2007-11-29
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=28336
    title Debian DSA-1413-1 : mysql - multiple vulnerabilities
  • NASL family SuSE Local Security Checks
    NASL id SUSE_MYSQL-4879.NASL
    description This update fixes several security vulnerabilities (note: not all versions are affected by every bug) : - CVE-2007-2583 - CVE-2007-2691 - CVE-2007-2692 - CVE-2007-5925 - CVE-2007-5969 - CVE-2007-6303 - CVE-2007-6304
    last seen 2019-02-21
    modified 2016-12-22
    plugin id 30182
    published 2008-02-05
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=30182
    title SuSE 10 Security Update : MySQL (ZYPP Patch Number 4879)
oval via4
accepted 2013-04-29T04:20:15.505-04:00
class vulnerability
contributors
  • name Aharon Chernin
    organization SCAP.com, LLC
  • name Dragos Prisaca
    organization G2, Inc.
definition_extensions
  • comment The operating system installed on the system is Red Hat Enterprise Linux 4
    oval oval:org.mitre.oval:def:11831
  • comment CentOS Linux 4.x
    oval oval:org.mitre.oval:def:16636
  • comment Oracle Linux 4.x
    oval oval:org.mitre.oval:def:15990
  • comment The operating system installed on the system is Red Hat Enterprise Linux 5
    oval oval:org.mitre.oval:def:11414
  • comment The operating system installed on the system is CentOS Linux 5.x
    oval oval:org.mitre.oval:def:15802
  • comment Oracle Linux 5.x
    oval oval:org.mitre.oval:def:15459
description MySQL before 4.1.23, 5.0.x before 5.0.42, and 5.1.x before 5.1.18 does not require the DROP privilege for RENAME TABLE statements, which allows remote authenticated users to rename arbitrary tables.
family unix
id oval:org.mitre.oval:def:9559
status accepted
submitted 2010-07-09T03:56:16-04:00
title MySQL before 4.1.23, 5.0.x before 5.0.42, and 5.1.x before 5.1.18 does not require the DROP privilege for RENAME TABLE statements, which allows remote authenticated users to rename arbitrary tables.
version 24
redhat via4
advisories
  • rhsa
    id RHSA-2007:0894
  • rhsa
    id RHSA-2008:0364
  • rhsa
    id RHSA-2008:0768
rpms
  • mysql-0:5.0.45-7.el5
  • mysql-bench-0:5.0.45-7.el5
  • mysql-devel-0:5.0.45-7.el5
  • mysql-server-0:5.0.45-7.el5
  • mysql-test-0:5.0.45-7.el5
  • mysql-0:4.1.22-2.el4
  • mysql-bench-0:4.1.22-2.el4
  • mysql-devel-0:4.1.22-2.el4
  • mysql-server-0:4.1.22-2.el4
refmap via4
apple APPLE-SA-2008-10-09
bid
  • 24016
  • 31681
bugtraq 20070717 rPSA-2007-0143-1 mysql mysql-bench mysql-server
confirm
debian DSA-1413
mandriva MDKSA-2007:139
misc http://bugs.mysql.com/bug.php?id=27515
mlist [announce] 20070712 MySQL Community Server 5.0.45 has been released!
osvdb 34766
sectrack 1018069
secunia
  • 25301
  • 25946
  • 26073
  • 26430
  • 27155
  • 27823
  • 28838
  • 30351
  • 31226
  • 32222
suse SUSE-SR:2008:003
ubuntu USN-528-1
vupen
  • ADV-2007-1804
  • ADV-2008-2780
xf mysql-renametable-weak-security(34347)
statements via4
contributor Joshua Bressers
lastmodified 2007-05-29
organization Red Hat
statement Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=CVE-2007-2691 The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw. More information regarding issue severity can be found here: http://www.redhat.com/security/updates/classification/
Last major update 05-11-2012 - 22:39
Published 15-05-2007 - 21:19
Last modified 19-10-2018 - 15:00
Back to Top