ID CVE-2007-3781
Summary MySQL Community Server before 5.0.45 does not require privileges such as SELECT for the source table in a CREATE TABLE LIKE statement, which allows remote authenticated users to obtain sensitive information such as the table structure.
References
Vulnerable Configurations
  • cpe:2.3:a:mysql:community_server:5.0.41:*:*:*:*:*:*:*
    cpe:2.3:a:mysql:community_server:5.0.41:*:*:*:*:*:*:*
  • cpe:2.3:a:mysql:community_server:5.0.44:*:*:*:*:*:*:*
    cpe:2.3:a:mysql:community_server:5.0.44:*:*:*:*:*:*:*
CVSS
Base: 4.0 (as of 15-10-2018 - 21:30)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW SINGLE
Impact
ConfidentialityIntegrityAvailability
PARTIAL NONE NONE
cvss-vector via4 AV:N/AC:L/Au:S/C:P/I:N/A:N
oval via4
accepted 2013-04-29T04:18:27.646-04:00
class vulnerability
contributors
  • name Aharon Chernin
    organization SCAP.com, LLC
  • name Dragos Prisaca
    organization G2, Inc.
definition_extensions
  • comment The operating system installed on the system is Red Hat Enterprise Linux 5
    oval oval:org.mitre.oval:def:11414
  • comment The operating system installed on the system is CentOS Linux 5.x
    oval oval:org.mitre.oval:def:15802
  • comment Oracle Linux 5.x
    oval oval:org.mitre.oval:def:15459
description MySQL Community Server before 5.0.45 does not require privileges such as SELECT for the source table in a CREATE TABLE LIKE statement, which allows remote authenticated users to obtain sensitive information such as the table structure.
family unix
id oval:org.mitre.oval:def:9195
status accepted
submitted 2010-07-09T03:56:16-04:00
title MySQL Community Server before 5.0.45 does not require privileges such as SELECT for the source table in a CREATE TABLE LIKE statement, which allows remote authenticated users to obtain sensitive information such as the table structure.
version 18
redhat via4
advisories
  • rhsa
    id RHSA-2007:0894
  • rhsa
    id RHSA-2008:0364
rpms
  • mysql-0:5.0.45-7.el5
  • mysql-bench-0:5.0.45-7.el5
  • mysql-devel-0:5.0.45-7.el5
  • mysql-server-0:5.0.45-7.el5
  • mysql-test-0:5.0.45-7.el5
refmap via4
bid 25017
bugtraq 20070717 rPSA-2007-0143-1 mysql mysql-bench mysql-server
confirm
debian DSA-1451
gentoo GLSA-200708-10
mandriva MDKSA-2007:243
misc http://bugs.mysql.com/bug.php?id=25578
mlist [announce] 20070712 MySQL Community Server 5.0.45 has been released!
osvdb 37783
secunia
  • 25301
  • 26073
  • 26430
  • 26498
  • 26987
  • 28040
  • 28108
  • 28128
  • 28343
  • 30351
slackware SSA:2007-348-01
ubuntu USN-559-1
statements via4
contributor Mark J Cox
lastmodified 2007-07-17
organization Red Hat
statement Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=248553 The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw.
Last major update 15-10-2018 - 21:30
Published 15-07-2007 - 22:30
Back to Top