CVE-2007-2691

Sažetak

MySQL before 4.1.23, 5.0.x before 5.0.42, and 5.1.x before 5.1.18 does not require the DROP privilege for RENAME TABLE statements, which allows remote authenticated users to rename arbitrary tables.

Reference

http://bugs.mysql.com/bug.php?id=27515
http://dev.mysql.com/doc/refman/5.1/en/news-5-1-18.html
http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html
http://lists.mysql.com/announce/470
http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00003.html
http://osvdb.org/34766
http://secunia.com/advisories/25301
http://secunia.com/advisories/25946
http://secunia.com/advisories/26073
http://secunia.com/advisories/26430
http://secunia.com/advisories/27155
http://secunia.com/advisories/27823
http://secunia.com/advisories/28838
http://secunia.com/advisories/30351
http://secunia.com/advisories/31226
http://secunia.com/advisories/32222
http://support.apple.com/kb/HT3216
http://www.debian.org/security/2007/dsa-1413
http://www.mandriva.com/security/advisories?name=MDKSA-2007:139
http://www.redhat.com/support/errata/RHSA-2007-0894.html
http://www.redhat.com/support/errata/RHSA-2008-0364.html
http://www.redhat.com/support/errata/RHSA-2008-0768.html
http://www.securityfocus.com/archive/1/473874/100/0/threaded
http://www.securityfocus.com/bid/24016
http://www.securityfocus.com/bid/31681
http://www.securitytracker.com/id?1018069
http://www.vupen.com/english/advisories/2007/1804
http://www.vupen.com/english/advisories/2008/2780
https://exchange.xforce.ibmcloud.com/vulnerabilities/34347
https://issues.rpath.com/browse/RPL-1536
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9559
https://usn.ubuntu.com/528-1/

CVSS

Base:	4.9
Impact:	4.9
Exploitability:	6.8

Pristup

Vektor	Složenost	Autentikacija
NETWORK	MEDIUM	SINGLE

Impact

Povjerljivost	Cjelovitost	Dostupnost
NONE	PARTIAL	PARTIAL

CVSS vektor

AV:N/AC:M/Au:S/C:N/I:P/A:P

Zadnje važnije ažuriranje

19-10-2018 - 19:00

Objavljeno

16-05-2007 - 01:19