CVE-2007-5969

Summary

CVE	CVE-2007-5969
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2007-12-10 19:46:00 UTC
Updated	2023-11-07 02:01:00 UTC
Description	MySQL Community Server 5.0.x before 5.0.51, Enterprise Server 5.0.x before 5.0.52, Server 5.1.x before 5.1.23, and Server 6.0.x before 6.0.4, when a table relies on symlinks created through explicit DATA DIRECTORY and INDEX DIRECTORY options, allows remote authenticated users to overwrite system table information and gain privileges via a RENAME TABLE statement that changes the symlink to point to an existing file.

Risk And Classification

Problem Types: CWE-264

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Application	Mysql	Community Server	5.0.41	All	All	All
Application	Mysql	Community Server	5.0.44	All	All	All
Application	Mysql	Community Server	5.0.45	All	All	All
Application	Mysql	Community Server	5.0.41	All	All	All
Application	Mysql	Community Server	5.0.44	All	All	All
Application	Mysql	Community Server	5.0.45	All	All	All
Application	Mysql	Community Server	All	All	All	All
Application	Mysql	Mysql Enterprise Server	5.0.50	All	All	All
Application	Mysql	Mysql Enterprise Server	5.0.50	All	All	All
Application	Mysql	Mysql Server	5.1.22	All	All	All
Application	Mysql	Mysql Server	6.0	All	All	All
Application	Mysql	Mysql Server	6.0.1	All	All	All
Application	Mysql	Mysql Server	6.0.2	All	All	All
Application	Mysql	Mysql Server	6.0.3	All	All	All
Application	Mysql	Mysql Server	5.1.22	All	All	All
Application	Mysql	Mysql Server	6.0	All	All	All
Application	Mysql	Mysql Server	6.0.1	All	All	All
Application	Mysql	Mysql Server	6.0.2	All	All	All
Application	Mysql	Mysql Server	6.0.3	All	All	All

References

Reference	Source	Link	Tags
MySQL AB :: MySQL 5.0 Reference Manual :: C.1.3 Release Notes for MySQL Enterprise 5.0.52 [MRU] (30 Nov 2007)	CONFIRM	dev.mysql.com
MySQL AB :: MySQL 5.0.51 has been released		forums.mysql.com
[SECURITY] Fedora 7 Update: mysql-5.0.45-6.fc7	FEDORA	www.redhat.com
MySQL Server RENAME TABLE System Table Overwrite Vulnerability	BID	www.securityfocus.com
Repository / Oval Repository	OVAL	oval.cisecurity.org
MySQL :: MySQL 3.23, 4.0, 4.1 Reference Manual :: B.1.2 Changes in MySQL 4.1.24 (01 March 2008)	CONFIRM	dev.mysql.com
Webmail : Solution de messagerie professionnelle - OVHcloud- OVH	VUPEN	www.vupen.com	Vendor Advisory
rPath update for mysql - Advisories - Secunia	SECUNIA	secunia.com	Vendor Advisory
MySQL AB :: MySQL 5.0.51 has been released	CONFIRM	forums.mysql.com
MySQL System Table Information Overwrite Vulnerability - Advisories - Secunia	SECUNIA	secunia.com	Vendor Advisory
Debian update for mysql-dfsg-5.0 - Advisories - Secunia	SECUNIA	secunia.com	Vendor Advisory
Webmail : Solution de messagerie professionnelle - OVHcloud- OVH	VUPEN	www.vupen.com	Vendor Advisory
USN-559-1: MySQL vulnerabilities \| Ubuntu security notices	UBUNTU	usn.ubuntu.com
[security-announce] SUSE Security Summary Report SUSE-SR:2008:003	SUSE	lists.opensuse.org
SecurityTracker.com Archives - MySQL Rename Table Bug Lets Remote Authenticated Users Modify System Table Information	SECTRACK	www.securitytracker.com
rhn.redhat.com \| Red Hat Support	REDHAT	www.redhat.com	Vendor Advisory
MySQL AB :: MySQL 5.0 Reference Manual :: D.1.1 Release Notes for MySQL Community Server 5.0.51 (15 November 2007)	CONFIRM	dev.mysql.com
Advisories \| Mandriva	MANDRIVA	www.mandriva.com
MySQL Bugs: Access denied	CONFIRM	bugs.mysql.com
Apple Mac OS X Security Update Fixes Multiple Vulnerabilities - Secunia Advisories - Vulnerability Intelligence - Secunia.com	SECUNIA	secunia.com	Vendor Advisory
rhn.redhat.com \| Red Hat Support	REDHAT	www.redhat.com	Vendor Advisory
RETIRED: Apple Mac OS X 2008-007 Multiple Security Vulnerabilities	BID	www.securityfocus.com	Patch
Mandriva update for MySQL - Advisories - Secunia	SECUNIA	secunia.com	Vendor Advisory
Debian -- Security Information -- DSA-1451-1 mysql-dfsg-5.0	DEBIAN	www.debian.org
Gentoo Linux Documentation -- MySQL: Multiple vulnerabilities	GENTOO	security.gentoo.org
About Security Update 2008-007	CONFIRM	support.apple.com
issues.rpath.com/browse/RPL-1999	CONFIRM	issues.rpath.com
Webmail : Solution de messagerie professionnelle - OVHcloud- OVH	VUPEN	www.vupen.com	Vendor Advisory
The Slackware Linux Project: Slackware Security Advisories	SLACKWARE	slackware.com
Gentoo update for mysql - Advisories - Secunia	SECUNIA	secunia.com	Vendor Advisory
Fedora update for mysql - Advisories - Secunia	SECUNIA	secunia.com	Vendor Advisory
Red Hat update for mysql - Advisories - Secunia	SECUNIA	secunia.com	Vendor Advisory
SUSE Update for Multiple Packages - Advisories - Secunia	SECUNIA	secunia.com	Vendor Advisory
MySQL Security Issue and Two Vulnerabilities - Advisories - Secunia	SECUNIA	secunia.com	Vendor Advisory
APPLE-SA-2008-10-09 Security Update 2008-007	APPLE	lists.apple.com
Slackware update for mysql - Advisories - Secunia	SECUNIA	secunia.com	Vendor Advisory
MySQL Lists: announce: MySQL 5.0.51 has been released	MLIST	lists.mysql.com	Exploit, Vendor Advisory
SecurityFocus	BUGTRAQ	www.securityfocus.com
Webmail \| OVH- OVH	VUPEN	www.vupen.com	Vendor Advisory
Ubuntu update for mysql - Advisories - Secunia	SECUNIA	secunia.com	Vendor Advisory
[SECURITY] Fedora 8 Update: mysql-5.0.45-6.fc8	FEDORA	www.redhat.com
Webmail - OVH	VUPEN	www.vupen.com	Vendor Advisory
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

There are currently no legacy QID mappings associated with this CVE.