Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CERTA-2008-AVI-162
Vulnerability from certfr_avis
Plusieurs vulnérabilités affectent les versions 4.x du gestionnaire de base de données MySQL. En particulier, certaines d'entre elles permettent à un utilisateur malveillant d'exécuter du code arbitraire à distance.
Description
De nombreuses vulnérabilités affectent la branche 4 de MySQL.
La création de tables MyISAM avec certaines options permet d'écraser des tables existantes.
Le renommage utilisé avec certains paramètres permet la réécriture de tables système.
Des erreurs provoquent des débordements de mémoire ou de pile ou des violations de la segmentation de la mémoire. Dans certains cas l'exploitation permet à un utilisateur d'exécuter du code arbitraire à distance.
Certaines erreurs permettent de provoquer un arrêt inopiné (crash) du serveur. L'utilisation d'un paquet d'authentification malformé permet de provoquer cet arrêt à distance.
Certaines erreurs conduisent à des insertions dans les affichages ou à la corruption de tables.
Solution
La version 4.1.24 corrige ces problèmes. Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Note : la branche 4 du logiciel MySQL n'est plus maintenue (cf. section Documentation). Il est recommandé de migrer vers la branche 5 de ce logiciel.
MySQL, version 4.1.23 et antérieures.
Impacted products
| Vendor | Product | Description |
|---|
References
| Title | Publication Time | Tags | |
|---|---|---|---|
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [],
"affected_systems_content": "\u003cSPAN class=\"textit\"\u003eMySQL\u003c/SPAN\u003e, version 4.1.23 et ant\u00e9rieures.",
"content": "## Description\n\nDe nombreuses vuln\u00e9rabilit\u00e9s affectent la branche 4 de MySQL.\n\nLa cr\u00e9ation de tables MyISAM avec certaines options permet d\u0027\u00e9craser des\ntables existantes.\n\nLe renommage utilis\u00e9 avec certains param\u00e8tres permet la r\u00e9\u00e9criture de\ntables syst\u00e8me.\n\nDes erreurs provoquent des d\u00e9bordements de m\u00e9moire ou de pile ou des\nviolations de la segmentation de la m\u00e9moire. Dans certains cas\nl\u0027exploitation permet \u00e0 un utilisateur d\u0027ex\u00e9cuter du code arbitraire \u00e0\ndistance.\n\nCertaines erreurs permettent de provoquer un arr\u00eat inopin\u00e9 (crash) du\nserveur. L\u0027utilisation d\u0027un paquet d\u0027authentification malform\u00e9 permet de\nprovoquer cet arr\u00eat \u00e0 distance.\n\nCertaines erreurs conduisent \u00e0 des insertions dans les affichages ou \u00e0\nla corruption de tables.\n\n## Solution\n\nLa version 4.1.24 corrige ces probl\u00e8mes. Se r\u00e9f\u00e9rer au bulletin de\ns\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section\nDocumentation).\n\n \n \n\n\u003cspan class=\"textbf\"\u003eNote\u003c/span\u003e : la branche 4 du logiciel MySQL n\u0027est\nplus maintenue (cf. section Documentation). Il est recommand\u00e9 de migrer\nvers la branche 5 de ce logiciel.\n",
"cves": [
{
"name": "CVE-2007-5969",
"url": "https://www.cve.org/CVERecord?id=CVE-2007-5969"
},
{
"name": "CVE-2007-3780",
"url": "https://www.cve.org/CVERecord?id=CVE-2007-3780"
}
],
"initial_release_date": "2008-03-27T00:00:00",
"last_revision_date": "2008-03-27T00:00:00",
"links": [
{
"title": "Bulletin de version de MySQL :",
"url": "http://dev.mysql.com/doc/refman/4.1/en/news-4-1-24.html"
},
{
"title": "Politique et calendrier de support pour MySQL :",
"url": "http://www.mysql.com/company/legal/lifecycle/"
}
],
"reference": "CERTA-2008-AVI-162",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2008-03-27T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "Plusieurs vuln\u00e9rabilit\u00e9s affectent les versions 4.x du gestionnaire de\nbase de donn\u00e9es \u003cspan class=\"textit\"\u003eMySQL\u003c/span\u003e. En particulier,\ncertaines d\u0027entre elles permettent \u00e0 un utilisateur malveillant\nd\u0027ex\u00e9cuter du code arbitraire \u00e0 distance.\n",
"title": "Vuln\u00e9rabilit\u00e9s dans MySQL",
"vendor_advisories": []
}
CVE-2007-5969 (GCVE-0-2007-5969)
Vulnerability from cvelistv5
Published
2007-12-10 19:00
Modified
2024-08-07 15:47
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
MySQL Community Server 5.0.x before 5.0.51, Enterprise Server 5.0.x before 5.0.52, Server 5.1.x before 5.1.23, and Server 6.0.x before 6.0.4, when a table relies on symlinks created through explicit DATA DIRECTORY and INDEX DIRECTORY options, allows remote authenticated users to overwrite system table information and gain privileges via a RENAME TABLE statement that changes the symlink to point to an existing file.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T15:47:00.554Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "28343",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28343"
},
{
"name": "GLSA-200804-04",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200804-04.xml"
},
{
"name": "29706",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29706"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bugs.mysql.com/32111"
},
{
"name": "oval:org.mitre.oval:def:10509",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10509"
},
{
"name": "31681",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/31681"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://dev.mysql.com/doc/refman/5.0/en/releasenotes-cs-5-0-51.html"
},
{
"name": "DSA-1451",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2008/dsa-1451"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://dev.mysql.com/doc/refman/4.1/en/news-4-1-24.html"
},
{
"name": "1019060",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1019060"
},
{
"name": "ADV-2007-4142",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/4142"
},
{
"name": "USN-559-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/559-1/"
},
{
"name": "20080117 rPSA-2008-0018-1 mysql mysql-bench mysql-server",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/486477/100/0/threaded"
},
{
"name": "ADV-2008-1000",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/1000/references"
},
{
"name": "SSA:2007-348-01",
"tags": [
"vendor-advisory",
"x_refsource_SLACKWARE",
"x_transferred"
],
"url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2007\u0026m=slackware-security.428959"
},
{
"name": "ADV-2008-0560",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/0560/references"
},
{
"name": "26765",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/26765"
},
{
"name": "FEDORA-2007-4465",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00467.html"
},
{
"name": "28040",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28040"
},
{
"name": "RHSA-2007:1157",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2007-1157.html"
},
{
"name": "28099",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28099"
},
{
"name": "28559",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28559"
},
{
"name": "32222",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/32222"
},
{
"name": "27981",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/27981"
},
{
"name": "ADV-2007-4198",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/4198"
},
{
"name": "FEDORA-2007-4471",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00475.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://dev.mysql.com/doc/refman/5.0/en/releasenotes-es-5-0-52.html"
},
{
"name": "[Announcements] 20071206 MySQL 5.0.51 has been released",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.mysql.com/announce/495"
},
{
"name": "RHSA-2007:1155",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2007-1155.html"
},
{
"name": "28108",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28108"
},
{
"name": "28025",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28025"
},
{
"name": "ADV-2008-2780",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/2780"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://forums.mysql.com/read.php?3%2C186931%2C186931"
},
{
"name": "28838",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28838"
},
{
"name": "28128",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28128"
},
{
"name": "MDKSA-2007:243",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:243"
},
{
"name": "28063",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28063"
},
{
"name": "SUSE-SR:2008:003",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00003.html"
},
{
"name": "APPLE-SA-2008-10-09",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.apple.com/kb/HT3216"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://issues.rpath.com/browse/RPL-1999"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-12-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "MySQL Community Server 5.0.x before 5.0.51, Enterprise Server 5.0.x before 5.0.52, Server 5.1.x before 5.1.23, and Server 6.0.x before 6.0.4, when a table relies on symlinks created through explicit DATA DIRECTORY and INDEX DIRECTORY options, allows remote authenticated users to overwrite system table information and gain privileges via a RENAME TABLE statement that changes the symlink to point to an existing file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-15T20:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "28343",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28343"
},
{
"name": "GLSA-200804-04",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200804-04.xml"
},
{
"name": "29706",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29706"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bugs.mysql.com/32111"
},
{
"name": "oval:org.mitre.oval:def:10509",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10509"
},
{
"name": "31681",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/31681"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://dev.mysql.com/doc/refman/5.0/en/releasenotes-cs-5-0-51.html"
},
{
"name": "DSA-1451",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2008/dsa-1451"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://dev.mysql.com/doc/refman/4.1/en/news-4-1-24.html"
},
{
"name": "1019060",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1019060"
},
{
"name": "ADV-2007-4142",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/4142"
},
{
"name": "USN-559-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/559-1/"
},
{
"name": "20080117 rPSA-2008-0018-1 mysql mysql-bench mysql-server",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/486477/100/0/threaded"
},
{
"name": "ADV-2008-1000",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/1000/references"
},
{
"name": "SSA:2007-348-01",
"tags": [
"vendor-advisory",
"x_refsource_SLACKWARE"
],
"url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2007\u0026m=slackware-security.428959"
},
{
"name": "ADV-2008-0560",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/0560/references"
},
{
"name": "26765",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/26765"
},
{
"name": "FEDORA-2007-4465",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00467.html"
},
{
"name": "28040",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28040"
},
{
"name": "RHSA-2007:1157",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2007-1157.html"
},
{
"name": "28099",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28099"
},
{
"name": "28559",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28559"
},
{
"name": "32222",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/32222"
},
{
"name": "27981",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/27981"
},
{
"name": "ADV-2007-4198",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/4198"
},
{
"name": "FEDORA-2007-4471",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00475.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://dev.mysql.com/doc/refman/5.0/en/releasenotes-es-5-0-52.html"
},
{
"name": "[Announcements] 20071206 MySQL 5.0.51 has been released",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.mysql.com/announce/495"
},
{
"name": "RHSA-2007:1155",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2007-1155.html"
},
{
"name": "28108",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28108"
},
{
"name": "28025",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28025"
},
{
"name": "ADV-2008-2780",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/2780"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://forums.mysql.com/read.php?3%2C186931%2C186931"
},
{
"name": "28838",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28838"
},
{
"name": "28128",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28128"
},
{
"name": "MDKSA-2007:243",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:243"
},
{
"name": "28063",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28063"
},
{
"name": "SUSE-SR:2008:003",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00003.html"
},
{
"name": "APPLE-SA-2008-10-09",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.apple.com/kb/HT3216"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://issues.rpath.com/browse/RPL-1999"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-5969",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "MySQL Community Server 5.0.x before 5.0.51, Enterprise Server 5.0.x before 5.0.52, Server 5.1.x before 5.1.23, and Server 6.0.x before 6.0.4, when a table relies on symlinks created through explicit DATA DIRECTORY and INDEX DIRECTORY options, allows remote authenticated users to overwrite system table information and gain privileges via a RENAME TABLE statement that changes the symlink to point to an existing file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "28343",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28343"
},
{
"name": "GLSA-200804-04",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200804-04.xml"
},
{
"name": "29706",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29706"
},
{
"name": "http://bugs.mysql.com/32111",
"refsource": "CONFIRM",
"url": "http://bugs.mysql.com/32111"
},
{
"name": "oval:org.mitre.oval:def:10509",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10509"
},
{
"name": "31681",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/31681"
},
{
"name": "http://dev.mysql.com/doc/refman/5.0/en/releasenotes-cs-5-0-51.html",
"refsource": "CONFIRM",
"url": "http://dev.mysql.com/doc/refman/5.0/en/releasenotes-cs-5-0-51.html"
},
{
"name": "DSA-1451",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2008/dsa-1451"
},
{
"name": "http://dev.mysql.com/doc/refman/4.1/en/news-4-1-24.html",
"refsource": "CONFIRM",
"url": "http://dev.mysql.com/doc/refman/4.1/en/news-4-1-24.html"
},
{
"name": "1019060",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1019060"
},
{
"name": "ADV-2007-4142",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/4142"
},
{
"name": "USN-559-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/559-1/"
},
{
"name": "20080117 rPSA-2008-0018-1 mysql mysql-bench mysql-server",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/486477/100/0/threaded"
},
{
"name": "ADV-2008-1000",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/1000/references"
},
{
"name": "SSA:2007-348-01",
"refsource": "SLACKWARE",
"url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2007\u0026m=slackware-security.428959"
},
{
"name": "ADV-2008-0560",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/0560/references"
},
{
"name": "26765",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/26765"
},
{
"name": "FEDORA-2007-4465",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00467.html"
},
{
"name": "28040",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28040"
},
{
"name": "RHSA-2007:1157",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2007-1157.html"
},
{
"name": "28099",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28099"
},
{
"name": "28559",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28559"
},
{
"name": "32222",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32222"
},
{
"name": "27981",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27981"
},
{
"name": "ADV-2007-4198",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/4198"
},
{
"name": "FEDORA-2007-4471",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00475.html"
},
{
"name": "http://dev.mysql.com/doc/refman/5.0/en/releasenotes-es-5-0-52.html",
"refsource": "CONFIRM",
"url": "http://dev.mysql.com/doc/refman/5.0/en/releasenotes-es-5-0-52.html"
},
{
"name": "[Announcements] 20071206 MySQL 5.0.51 has been released",
"refsource": "MLIST",
"url": "http://lists.mysql.com/announce/495"
},
{
"name": "RHSA-2007:1155",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2007-1155.html"
},
{
"name": "28108",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28108"
},
{
"name": "28025",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28025"
},
{
"name": "ADV-2008-2780",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2780"
},
{
"name": "http://forums.mysql.com/read.php?3,186931,186931",
"refsource": "CONFIRM",
"url": "http://forums.mysql.com/read.php?3,186931,186931"
},
{
"name": "28838",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28838"
},
{
"name": "28128",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28128"
},
{
"name": "MDKSA-2007:243",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:243"
},
{
"name": "28063",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28063"
},
{
"name": "SUSE-SR:2008:003",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00003.html"
},
{
"name": "APPLE-SA-2008-10-09",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html"
},
{
"name": "http://support.apple.com/kb/HT3216",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT3216"
},
{
"name": "https://issues.rpath.com/browse/RPL-1999",
"refsource": "CONFIRM",
"url": "https://issues.rpath.com/browse/RPL-1999"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-5969",
"datePublished": "2007-12-10T19:00:00",
"dateReserved": "2007-11-14T00:00:00",
"dateUpdated": "2024-08-07T15:47:00.554Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-3780 (GCVE-0-2007-3780)
Vulnerability from cvelistv5
Published
2007-07-15 22:00
Modified
2024-08-07 14:28
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
MySQL Community Server before 5.0.45 allows remote attackers to cause a denial of service (daemon crash) via a malformed password packet in the connection protocol.
References
| URL | Tags | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T14:28:52.467Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://bugs.mysql.com/bug.php?id=28984"
},
{
"name": "26710",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26710"
},
{
"name": "27823",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/27823"
},
{
"name": "RHSA-2007:0875",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2007-0875.html"
},
{
"name": "MDKSA-2007:177",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:177"
},
{
"name": "SUSE-SR:2007:019",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://www.novell.com/linux/security/advisories/2007_19_sr.html"
},
{
"name": "1018629",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1018629"
},
{
"name": "RHSA-2007:0894",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2007-0894.html"
},
{
"name": "26073",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26073"
},
{
"name": "26621",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26621"
},
{
"name": "26498",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26498"
},
{
"name": "36732",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/36732"
},
{
"name": "[announce] 20070712 MySQL Community Server 5.0.45 has been released!",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.mysql.com/announce/470"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://dev.mysql.com/doc/refman/4.1/en/news-4-1-24.html"
},
{
"name": "25017",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/25017"
},
{
"name": "20070717 rPSA-2007-0143-1 mysql mysql-bench mysql-server",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/473874/100/0/threaded"
},
{
"name": "ADV-2008-1000",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/1000/references"
},
{
"name": "GLSA-200708-10",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200708-10.xml"
},
{
"name": "26987",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26987"
},
{
"name": "25301",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/25301"
},
{
"name": "DSA-1413",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2007/dsa-1413"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://issues.rpath.com/browse/RPL-1536"
},
{
"name": "USN-528-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/528-1/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://dev.mysql.com/doc/refman/5.0/en/releasenotes-cs-5-0-45.html"
},
{
"name": "27155",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/27155"
},
{
"name": "26430",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26430"
},
{
"name": "oval:org.mitre.oval:def:11058",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11058"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-07-04T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "MySQL Community Server before 5.0.45 allows remote attackers to cause a denial of service (daemon crash) via a malformed password packet in the connection protocol."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-15T20:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://bugs.mysql.com/bug.php?id=28984"
},
{
"name": "26710",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26710"
},
{
"name": "27823",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/27823"
},
{
"name": "RHSA-2007:0875",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2007-0875.html"
},
{
"name": "MDKSA-2007:177",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:177"
},
{
"name": "SUSE-SR:2007:019",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://www.novell.com/linux/security/advisories/2007_19_sr.html"
},
{
"name": "1018629",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1018629"
},
{
"name": "RHSA-2007:0894",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2007-0894.html"
},
{
"name": "26073",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26073"
},
{
"name": "26621",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26621"
},
{
"name": "26498",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26498"
},
{
"name": "36732",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/36732"
},
{
"name": "[announce] 20070712 MySQL Community Server 5.0.45 has been released!",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.mysql.com/announce/470"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://dev.mysql.com/doc/refman/4.1/en/news-4-1-24.html"
},
{
"name": "25017",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/25017"
},
{
"name": "20070717 rPSA-2007-0143-1 mysql mysql-bench mysql-server",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/473874/100/0/threaded"
},
{
"name": "ADV-2008-1000",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/1000/references"
},
{
"name": "GLSA-200708-10",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200708-10.xml"
},
{
"name": "26987",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26987"
},
{
"name": "25301",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/25301"
},
{
"name": "DSA-1413",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2007/dsa-1413"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://issues.rpath.com/browse/RPL-1536"
},
{
"name": "USN-528-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/528-1/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://dev.mysql.com/doc/refman/5.0/en/releasenotes-cs-5-0-45.html"
},
{
"name": "27155",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/27155"
},
{
"name": "26430",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26430"
},
{
"name": "oval:org.mitre.oval:def:11058",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11058"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-3780",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "MySQL Community Server before 5.0.45 allows remote attackers to cause a denial of service (daemon crash) via a malformed password packet in the connection protocol."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://bugs.mysql.com/bug.php?id=28984",
"refsource": "MISC",
"url": "http://bugs.mysql.com/bug.php?id=28984"
},
{
"name": "26710",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26710"
},
{
"name": "27823",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27823"
},
{
"name": "RHSA-2007:0875",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2007-0875.html"
},
{
"name": "MDKSA-2007:177",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:177"
},
{
"name": "SUSE-SR:2007:019",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2007_19_sr.html"
},
{
"name": "1018629",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1018629"
},
{
"name": "RHSA-2007:0894",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2007-0894.html"
},
{
"name": "26073",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26073"
},
{
"name": "26621",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26621"
},
{
"name": "26498",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26498"
},
{
"name": "36732",
"refsource": "OSVDB",
"url": "http://osvdb.org/36732"
},
{
"name": "[announce] 20070712 MySQL Community Server 5.0.45 has been released!",
"refsource": "MLIST",
"url": "http://lists.mysql.com/announce/470"
},
{
"name": "http://dev.mysql.com/doc/refman/4.1/en/news-4-1-24.html",
"refsource": "CONFIRM",
"url": "http://dev.mysql.com/doc/refman/4.1/en/news-4-1-24.html"
},
{
"name": "25017",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/25017"
},
{
"name": "20070717 rPSA-2007-0143-1 mysql mysql-bench mysql-server",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/473874/100/0/threaded"
},
{
"name": "ADV-2008-1000",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/1000/references"
},
{
"name": "GLSA-200708-10",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200708-10.xml"
},
{
"name": "26987",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26987"
},
{
"name": "25301",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25301"
},
{
"name": "DSA-1413",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2007/dsa-1413"
},
{
"name": "https://issues.rpath.com/browse/RPL-1536",
"refsource": "CONFIRM",
"url": "https://issues.rpath.com/browse/RPL-1536"
},
{
"name": "USN-528-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/528-1/"
},
{
"name": "http://dev.mysql.com/doc/refman/5.0/en/releasenotes-cs-5-0-45.html",
"refsource": "CONFIRM",
"url": "http://dev.mysql.com/doc/refman/5.0/en/releasenotes-cs-5-0-45.html"
},
{
"name": "27155",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27155"
},
{
"name": "26430",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26430"
},
{
"name": "oval:org.mitre.oval:def:11058",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11058"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-3780",
"datePublished": "2007-07-15T22:00:00",
"dateReserved": "2007-07-15T00:00:00",
"dateUpdated": "2024-08-07T14:28:52.467Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…