ID CVE-2007-5970
Summary MySQL 5.1.x before 5.1.23 and 6.0.x before 6.0.4 allows remote authenticated users to gain privileges on arbitrary tables via unspecified vectors involving use of table-level DATA DIRECTORY and INDEX DIRECTORY options when creating a partitioned table with the same name as a table on which the user lacks privileges.
References
Vulnerable Configurations
  • cpe:2.3:a:oracle:mysql:5.1.1:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql:5.1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql:5.1.2:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql:5.1.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql:5.1.10:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql:5.1.10:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql:5.1.11:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql:5.1.11:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql:5.1.12:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql:5.1.12:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql:5.1.13:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql:5.1.13:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql:5.1.14:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql:5.1.14:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql:5.1.15:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql:5.1.15:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql:5.1.16:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql:5.1.16:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql:5.1.17:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql:5.1.17:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql:6.0.0:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql:6.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql:6.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql:6.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql:6.0.2:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql:6.0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql:6.0.3:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql:6.0.3:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql:6.0.4:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql:6.0.4:*:*:*:*:*:*:*
CVSS
Base: 5.8 (as of 17-12-2019 - 20:06)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL NONE
cvss-vector via4 AV:N/AC:M/Au:N/C:P/I:P/A:N
refmap via4
confirm
osvdb 42607
sectrack 1019084
vupen ADV-2008-0560
xf mysql-datadirectory-privilege-escalation(38988)
statements via4
contributor Mark J Cox
lastmodified 2008-01-09
organization Red Hat
statement Not vulnerable. This issue did not affect the mysql packages as shipped in Red Hat Enterprise Linux 2.1, 3, 4, 5, Red Hat Application Stack v1, and v2, as the versions shipped do not support table partitioning. The partitioning feature was introduced in development MySQL version 5.1.
Last major update 17-12-2019 - 20:06
Published 10-12-2007 - 19:46
Last modified 17-12-2019 - 20:06
Back to Top