ID CVE-2007-3781
Summary MySQL Community Server before 5.0.45 does not require privileges such as SELECT for the source table in a CREATE TABLE LIKE statement, which allows remote authenticated users to obtain sensitive information such as the table structure.
References
Vulnerable Configurations
  • MySQL MySQL Community Server 5.0.41
    cpe:2.3:a:mysql:community_server:5.0.41
  • MySQL MySQL Community Server 5.0.44
    cpe:2.3:a:mysql:community_server:5.0.44
CVSS
Base: 4.0 (as of 17-07-2007 - 12:15)
Impact:
Exploitability:
Access
VectorComplexityAuthentication
NETWORK LOW SINGLE_INSTANCE
Impact
ConfidentialityIntegrityAvailability
PARTIAL NONE NONE
nessus via4
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-559-1.NASL
    description Joe Gallo and Artem Russakovskii discovered that the InnoDB engine in MySQL did not properly perform input validation. An authenticated user could use a crafted CONTAINS statement to cause a denial of service. (CVE-2007-5925) It was discovered that under certain conditions MySQL could be made to overwrite system table information. An authenticated user could use a crafted RENAME statement to escalate privileges. (CVE-2007-5969) Philip Stoev discovered that the the federated engine of MySQL did not properly handle responses with a small number of columns. An authenticated user could use a crafted response to a SHOW TABLE STATUS query and cause a denial of service. (CVE-2007-6304) It was discovered that MySQL did not properly enforce access controls. An authenticated user could use a crafted CREATE TABLE LIKE statement to escalate privileges. (CVE-2007-3781). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2019-01-02
    plugin id 29793
    published 2007-12-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=29793
    title Ubuntu 6.06 LTS / 6.10 / 7.04 / 7.10 : mysql-dfsg-5.0 vulnerabilities (USN-559-1)
  • NASL family Databases
    NASL id MYSQL_5_0_45.NASL
    description The version of MySQL Community Server installed on the remote host is reportedly affected by a denial of service vulnerability that can lead to a server crash with a specially crafted password packet. It is also affected by a privilege escalation vulnerability because 'CREATE TABLE LIKE' does not require any privileges on the source table, which allows an attacker to create arbitrary tables using the affected application.
    last seen 2019-02-21
    modified 2018-07-16
    plugin id 25759
    published 2007-07-25
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=25759
    title MySQL Community Server 5.0 < 5.0.45 Multiple Vulnerabilities
  • NASL family SuSE Local Security Checks
    NASL id SUSE_MYSQL-4376.NASL
    description This update provides fixes for : - remote triggerable crash. (CVE-2007-3780) - query tables without propper authorisation. (CVE-2007-3781) - gain update privileges without propper authorisation. (CVE-2007-3782)
    last seen 2018-09-01
    modified 2016-12-22
    plugin id 29525
    published 2007-12-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=29525
    title SuSE 10 Security Update : MySQL (ZYPP Patch Number 4376)
  • NASL family Mandriva Local Security Checks
    NASL id MANDRAKE_MDKSA-2007-243.NASL
    description A vulnerability in MySQL prior to 5.0.45 did not require priveliges such as SELECT for the source table in a CREATE TABLE LIKE statement, allowing remote authenticated users to obtain sensitive information such as the table structure (CVE-2007-3781). A vulnerability in the InnoDB engine in MySQL allowed remote authenticated users to cause a denial of service (database crash) via certain CONTAINS operations on an indexed column, which triggered an assertion error (CVE-2007-5925). Using RENAME TABLE against a table with explicit DATA DIRECTORY and INDEX DIRECTORY options could be used to overwrite system table information by replacing the file to which a symlink pointed to (CVE-2007-5969). The updated packages have been patched to correct these issues.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 29300
    published 2007-12-11
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=29300
    title Mandrake Linux Security Advisory : MySQL (MDKSA-2007:243)
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-200708-10.NASL
    description The remote host is affected by the vulnerability described in GLSA-200708-10 (MySQL: Denial of Service and information leakage) Dormando reported a vulnerability within the handling of password packets in the connection protocol (CVE-2007-3780). Andrei Elkin also found that the 'CREATE TABLE LIKE' command didn't require SELECT privileges on the source table (CVE-2007-3781). Impact : A remote unauthenticated attacker could use the first vulnerability to make the server crash. The second vulnerability can be used by authenticated users to obtain information on tables they are not normally able to access. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2018-07-11
    plugin id 25916
    published 2007-08-21
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=25916
    title GLSA-200708-10 : MySQL: Denial of Service and information leakage
  • NASL family SuSE Local Security Checks
    NASL id SUSE_MYSQL-4375.NASL
    description This update provides fixes for : - CVE-2007-3780: remote triggerable crash - CVE-2007-3781: query tables without propper authorisation - CVE-2007-3782: gain update privileges without propper authorisation
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 27359
    published 2007-10-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=27359
    title openSUSE 10 Security Update : mysql (mysql-4375)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20080521_MYSQL_ON_SL5_X.NASL
    description MySQL did not require privileges such as 'SELECT' for the source table in a 'CREATE TABLE LIKE' statement. An authenticated user could obtain sensitive information, such as the table structure. (CVE-2007-3781) A flaw was discovered in MySQL that allowed an authenticated user to gain update privileges for a table in another database, via a view that refers to the external table. (CVE-2007-3782) MySQL did not require the 'DROP' privilege for 'RENAME TABLE' statements. An authenticated user could use this flaw to rename arbitrary tables. (CVE-2007-2691) A flaw was discovered in the mysql_change_db function when returning from SQL SECURITY INVOKER stored routines. An authenticated user could use this flaw to gain database privileges. (CVE-2007-2692) MySQL allowed an authenticated user to bypass logging mechanisms via SQL queries that contain the NULL character, which were not properly handled by the mysql_real_query function. (CVE-2006-0903) MySQL allowed an authenticated user to access a table through a previously created MERGE table, even after the user's privileges were revoked from the original table, which might violate intended security policy. This is addressed by allowing the MERGE storage engine to be disabled, which can be done by running mysqld with the '--skip-merge' option. (CVE-2006-4031) MySQL evaluated arguments in the wrong security context, which allowed an authenticated user to gain privileges through a routine that had been made available using 'GRANT EXECUTE'. (CVE-2006-4227) Multiple flaws in MySQL allowed an authenticated user to cause the MySQL daemon to crash via crafted SQL queries. This only caused a temporary denial of service, as the MySQL daemon is automatically restarted after the crash. (CVE-2006-7232, CVE-2007-1420, CVE-2007-2583) As well, these updated packages fix the following bugs : - a separate counter was used for 'insert delayed' statements, which caused rows to be discarded. In these updated packages, 'insert delayed' statements no longer use a separate counter, which resolves this issue. - due to a bug in the Native POSIX Thread Library, in certain situations, 'flush tables' caused a deadlock on tables that had a read lock. The mysqld daemon had to be killed forcefully. Now, 'COND_refresh' has been replaced with 'COND_global_read_lock', which resolves this issue. - mysqld crashed if a query for an unsigned column type contained a negative value for a 'WHERE [column] NOT IN' subquery. - in master and slave server situations, specifying 'on duplicate key update' for 'insert' statements did not update slave servers. - in the mysql client, empty strings were displayed as 'NULL'. For example, running 'insert into [table-name] values (' ');' resulted in a 'NULL' entry being displayed when querying the table using 'select * from [table-name];'. - a bug in the optimizer code resulted in certain queries executing much slower than expected. - on 64-bit PowerPC architectures, MySQL did not calculate the thread stack size correctly, which could have caused MySQL to crash when overly-complex queries were used. Note: these updated packages upgrade MySQL to version 5.0.45. For a full list of bug fixes and enhancements, refer to the MySQL release notes: http://dev.mysql.com/doc/refman/5.0/en/releasenotes-cs-5-0.html
    last seen 2019-02-21
    modified 2019-01-07
    plugin id 60406
    published 2012-08-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=60406
    title Scientific Linux Security Update : mysql on SL5.x i386/x86_64
  • NASL family Slackware Local Security Checks
    NASL id SLACKWARE_SSA_2007-348-01.NASL
    description New mysql packages are available for Slackware 11.0, 12.0, and -current to fix bugs and security issues.
    last seen 2018-11-20
    modified 2018-11-19
    plugin id 29704
    published 2007-12-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=29704
    title Slackware 11.0 / 12.0 / current : mysql (SSA:2007-348-01)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2008-0364.NASL
    description Updated mysql packages that fix various security issues and several bugs are now available for Red Hat Enterprise Linux 5. This update has been rated as having low security impact by the Red Hat Security Response Team. MySQL is a multi-user, multi-threaded SQL database server. MySQL is a client/server implementation consisting of a server daemon (mysqld), and many different client programs and libraries. MySQL did not require privileges such as 'SELECT' for the source table in a 'CREATE TABLE LIKE' statement. An authenticated user could obtain sensitive information, such as the table structure. (CVE-2007-3781) A flaw was discovered in MySQL that allowed an authenticated user to gain update privileges for a table in another database, via a view that refers to the external table. (CVE-2007-3782) MySQL did not require the 'DROP' privilege for 'RENAME TABLE' statements. An authenticated user could use this flaw to rename arbitrary tables. (CVE-2007-2691) A flaw was discovered in the mysql_change_db function when returning from SQL SECURITY INVOKER stored routines. An authenticated user could use this flaw to gain database privileges. (CVE-2007-2692) MySQL allowed an authenticated user to bypass logging mechanisms via SQL queries that contain the NULL character, which were not properly handled by the mysql_real_query function. (CVE-2006-0903) MySQL allowed an authenticated user to access a table through a previously created MERGE table, even after the user's privileges were revoked from the original table, which might violate intended security policy. This is addressed by allowing the MERGE storage engine to be disabled, which can be done by running mysqld with the '--skip-merge' option. (CVE-2006-4031) MySQL evaluated arguments in the wrong security context, which allowed an authenticated user to gain privileges through a routine that had been made available using 'GRANT EXECUTE'. (CVE-2006-4227) Multiple flaws in MySQL allowed an authenticated user to cause the MySQL daemon to crash via crafted SQL queries. This only caused a temporary denial of service, as the MySQL daemon is automatically restarted after the crash. (CVE-2006-7232, CVE-2007-1420, CVE-2007-2583) As well, these updated packages fix the following bugs : * a separate counter was used for 'insert delayed' statements, which caused rows to be discarded. In these updated packages, 'insert delayed' statements no longer use a separate counter, which resolves this issue. * due to a bug in the Native POSIX Thread Library, in certain situations, 'flush tables' caused a deadlock on tables that had a read lock. The mysqld daemon had to be killed forcefully. Now, 'COND_refresh' has been replaced with 'COND_global_read_lock', which resolves this issue. * mysqld crashed if a query for an unsigned column type contained a negative value for a 'WHERE [column] NOT IN' subquery. * in master and slave server situations, specifying 'on duplicate key update' for 'insert' statements did not update slave servers. * in the mysql client, empty strings were displayed as 'NULL'. For example, running 'insert into [table-name] values (' ');' resulted in a 'NULL' entry being displayed when querying the table using 'select * from [table-name];'. * a bug in the optimizer code resulted in certain queries executing much slower than expected. * on 64-bit PowerPC architectures, MySQL did not calculate the thread stack size correctly, which could have caused MySQL to crash when overly-complex queries were used. Note: these updated packages upgrade MySQL to version 5.0.45. For a full list of bug fixes and enhancements, refer to the MySQL release notes: http://dev.mysql.com/doc/refman/5.0/en/releasenotes-cs-5-0.html All mysql users are advised to upgrade to these updated packages, which resolve these issues.
    last seen 2019-02-21
    modified 2018-11-27
    plugin id 32425
    published 2008-05-22
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=32425
    title RHEL 5 : mysql (RHSA-2008:0364)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-1451.NASL
    description Several local/remote vulnerabilities have been discovered in the MySQL database server. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2007-3781 It was discovered that the privilege validation for the source table of CREATE TABLE LIKE statements was insufficiently enforced, which might lead to information disclosure. This is only exploitable by authenticated users. - CVE-2007-5969 It was discovered that symbolic links were handled insecurely during the creation of tables with DATA DIRECTORY or INDEX DIRECTORY statements, which might lead to denial of service by overwriting data. This is only exploitable by authenticated users. - CVE-2007-6304 It was discovered that queries to data in a FEDERATED table can lead to a crash of the local database server, if the remote server returns information with less columns than expected, resulting in denial of service.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 29860
    published 2008-01-07
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=29860
    title Debian DSA-1451-1 : mysql-dfsg-5.0 - several vulnerabilities
oval via4
accepted 2013-04-29T04:18:27.646-04:00
class vulnerability
contributors
  • name Aharon Chernin
    organization SCAP.com, LLC
  • name Dragos Prisaca
    organization G2, Inc.
definition_extensions
  • comment The operating system installed on the system is Red Hat Enterprise Linux 5
    oval oval:org.mitre.oval:def:11414
  • comment The operating system installed on the system is CentOS Linux 5.x
    oval oval:org.mitre.oval:def:15802
  • comment Oracle Linux 5.x
    oval oval:org.mitre.oval:def:15459
description MySQL Community Server before 5.0.45 does not require privileges such as SELECT for the source table in a CREATE TABLE LIKE statement, which allows remote authenticated users to obtain sensitive information such as the table structure.
family unix
id oval:org.mitre.oval:def:9195
status accepted
submitted 2010-07-09T03:56:16-04:00
title MySQL Community Server before 5.0.45 does not require privileges such as SELECT for the source table in a CREATE TABLE LIKE statement, which allows remote authenticated users to obtain sensitive information such as the table structure.
version 18
redhat via4
advisories
  • rhsa
    id RHSA-2007:0894
  • rhsa
    id RHSA-2008:0364
rpms
  • mysql-0:5.0.45-7.el5
  • mysql-bench-0:5.0.45-7.el5
  • mysql-devel-0:5.0.45-7.el5
  • mysql-server-0:5.0.45-7.el5
  • mysql-test-0:5.0.45-7.el5
refmap via4
bid 25017
bugtraq 20070717 rPSA-2007-0143-1 mysql mysql-bench mysql-server
confirm
debian DSA-1451
gentoo GLSA-200708-10
mandriva MDKSA-2007:243
misc http://bugs.mysql.com/bug.php?id=25578
mlist [announce] 20070712 MySQL Community Server 5.0.45 has been released!
osvdb 37783
secunia
  • 25301
  • 26073
  • 26430
  • 26498
  • 26987
  • 28040
  • 28108
  • 28128
  • 28343
  • 30351
slackware SSA:2007-348-01
ubuntu USN-559-1
statements via4
contributor Mark J Cox
lastmodified 2007-07-17
organization Red Hat
statement Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=248553 The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw.
Last major update 21-08-2010 - 01:08
Published 15-07-2007 - 18:30
Last modified 15-10-2018 - 17:30
Back to Top