MySQL Alter Table Function Information Disclosure Vulnerability
BID:24008
Info
MySQL Alter Table Function Information Disclosure Vulnerability
| Bugtraq ID: | 24008 |
| Class: | Access Validation Error |
| CVE: |
CVE-2007-2693 |
| Remote: | Yes |
| Local: | No |
| Published: | May 16 2007 12:00AM |
| Updated: | Mar 13 2008 03:31AM |
| Credit: | The vendor disclosed this issue. |
| Vulnerable: |
MySQL AB MySQL 5.1.17 MySQL AB MySQL 5.1.16 MySQL AB MySQL 5.1.15 MySQL AB MySQL 5.1.14 MySQL AB MySQL 5.1.13 MySQL AB MySQL 5.1.12 MySQL AB MySQL 5.1.11 MySQL AB MySQL 5.1.10 MySQL AB MySQL 5.1.9 MySQL AB MySQL 5.1.6 MySQL AB MySQL 5.1.5 |
| Not Vulnerable: |
MySQL AB MySQL 5.1.18 |
Discussion
MySQL Alter Table Function Information Disclosure Vulnerability
MySQL is prone to an information-disclosure vulnerability because it fails to perform adequate access control.
Exploiting this issue can allow an attacker to obtain potentially sensitive information from partitioned tables. Information gained could aid in further attacks.
Versions prior to 5.1.18 are vulnerable.
MySQL is prone to an information-disclosure vulnerability because it fails to perform adequate access control.
Exploiting this issue can allow an attacker to obtain potentially sensitive information from partitioned tables. Information gained could aid in further attacks.
Versions prior to 5.1.18 are vulnerable.
Exploit / POC
MySQL Alter Table Function Information Disclosure Vulnerability
Currently we are not aware of any exploits for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Currently we are not aware of any exploits for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Solution / Fix
MySQL Alter Table Function Information Disclosure Vulnerability
Solution:
The vendor has released version 5.1.18 to address this issue. Please see the references for more information.
MySQL AB MySQL 5.1.10
MySQL AB MySQL 5.1.11
MySQL AB MySQL 5.1.12
MySQL AB MySQL 5.1.13
MySQL AB MySQL 5.1.14
MySQL AB MySQL 5.1.15
MySQL AB MySQL 5.1.16
MySQL AB MySQL 5.1.17
MySQL AB MySQL 5.1.5
MySQL AB MySQL 5.1.6
MySQL AB MySQL 5.1.9
Solution:
The vendor has released version 5.1.18 to address this issue. Please see the references for more information.
MySQL AB MySQL 5.1.10
-
MySQL AB mysql-5.1.18-beta.tar.gz
http://dev.mysql.com/get/Downloads/MySQL-5.1/mysql-5.1.18-beta.tar.gz/ from/pick
MySQL AB MySQL 5.1.11
-
MySQL AB mysql-5.1.18-beta.tar.gz
http://dev.mysql.com/get/Downloads/MySQL-5.1/mysql-5.1.18-beta.tar.gz/ from/pick
MySQL AB MySQL 5.1.12
-
MySQL AB mysql-5.1.18-beta.tar.gz
http://dev.mysql.com/get/Downloads/MySQL-5.1/mysql-5.1.18-beta.tar.gz/ from/pick
MySQL AB MySQL 5.1.13
-
MySQL AB mysql-5.1.18-beta.tar.gz
http://dev.mysql.com/get/Downloads/MySQL-5.1/mysql-5.1.18-beta.tar.gz/ from/pick
MySQL AB MySQL 5.1.14
-
MySQL AB mysql-5.1.18-beta.tar.gz
http://dev.mysql.com/get/Downloads/MySQL-5.1/mysql-5.1.18-beta.tar.gz/ from/pick
MySQL AB MySQL 5.1.15
-
MySQL AB mysql-5.1.18-beta.tar.gz
http://dev.mysql.com/get/Downloads/MySQL-5.1/mysql-5.1.18-beta.tar.gz/ from/pick
MySQL AB MySQL 5.1.16
-
MySQL AB mysql-5.1.18-beta.tar.gz
http://dev.mysql.com/get/Downloads/MySQL-5.1/mysql-5.1.18-beta.tar.gz/ from/pick
MySQL AB MySQL 5.1.17
-
MySQL AB mysql-5.1.18-beta.tar.gz
http://dev.mysql.com/get/Downloads/MySQL-5.1/mysql-5.1.18-beta.tar.gz/ from/pick
MySQL AB MySQL 5.1.5
-
MySQL AB mysql-5.1.18-beta.tar.gz
http://dev.mysql.com/get/Downloads/MySQL-5.1/mysql-5.1.18-beta.tar.gz/ from/pick
MySQL AB MySQL 5.1.6
-
MySQL AB mysql-5.1.18-beta.tar.gz
http://dev.mysql.com/get/Downloads/MySQL-5.1/mysql-5.1.18-beta.tar.gz/ from/pick
MySQL AB MySQL 5.1.9
-
MySQL AB mysql-5.1.18-beta.tar.gz
http://dev.mysql.com/get/Downloads/MySQL-5.1/mysql-5.1.18-beta.tar.gz/ from/pick
References
MySQL Alter Table Function Information Disclosure Vulnerability
References:
References:
- MySQL Homepage (Oracle)
- C.1.2. Changes in release 5.1.18 (08 May 2007) (MySQL AB)