Vulnerability-Lookup

CVE-2007-2691 (GCVE-0-2007-2691)

Vulnerability from cvelistv5 – Published: 2007-05-16 05:00 – Updated: 2024-08-07 13:49

Summary

MySQL before 4.1.23, 5.0.x before 5.0.42, and 5.1.x before 5.1.18 does not require the DROP privilege for RENAME TABLE statements, which allows remote authenticated users to rename arbitrary tables.

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	http://bugs.mysql.com/bug.php?id=27515	x_refsource_MISC
	http://secunia.com/advisories/27823	third-party-advisoryx_refsource_SECUNIA
	http://dev.mysql.com/doc/refman/5.1/en/news-5-1-18.html	x_refsource_CONFIRM
	http://www.redhat.com/support/errata/RHSA-2007-08…	vendor-advisoryx_refsource_REDHAT
	http://secunia.com/advisories/26073	third-party-advisoryx_refsource_SECUNIA
	http://www.securityfocus.com/bid/31681	vdb-entryx_refsource_BID
	http://www.securitytracker.com/id?1018069	vdb-entryx_refsource_SECTRACK
	http://secunia.com/advisories/31226	third-party-advisoryx_refsource_SECUNIA
	http://lists.mysql.com/announce/470	mailing-listx_refsource_MLIST
	http://www.vupen.com/english/advisories/2007/1804	vdb-entryx_refsource_VUPEN
	http://www.redhat.com/support/errata/RHSA-2008-07…	vendor-advisoryx_refsource_REDHAT
	https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF
	http://secunia.com/advisories/25946	third-party-advisoryx_refsource_SECUNIA
	http://www.securityfocus.com/archive/1/473874/100…	mailing-listx_refsource_BUGTRAQ
	http://www.securityfocus.com/bid/24016	vdb-entryx_refsource_BID
	http://secunia.com/advisories/25301	third-party-advisoryx_refsource_SECUNIA
	http://www.debian.org/security/2007/dsa-1413	vendor-advisoryx_refsource_DEBIAN
	http://osvdb.org/34766	vdb-entryx_refsource_OSVDB
	https://issues.rpath.com/browse/RPL-1536	x_refsource_CONFIRM
	http://secunia.com/advisories/32222	third-party-advisoryx_refsource_SECUNIA
	https://usn.ubuntu.com/528-1/	vendor-advisoryx_refsource_UBUNTU
	http://www.mandriva.com/security/advisories?name=…	vendor-advisoryx_refsource_MANDRIVA
	http://secunia.com/advisories/30351	third-party-advisoryx_refsource_SECUNIA
	http://secunia.com/advisories/27155	third-party-advisoryx_refsource_SECUNIA
	http://secunia.com/advisories/26430	third-party-advisoryx_refsource_SECUNIA
	http://www.vupen.com/english/advisories/2008/2780	vdb-entryx_refsource_VUPEN
	http://secunia.com/advisories/28838	third-party-advisoryx_refsource_SECUNIA
	http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE
	http://www.redhat.com/support/errata/RHSA-2008-03…	vendor-advisoryx_refsource_REDHAT
	http://lists.apple.com/archives/security-announce…	vendor-advisoryx_refsource_APPLE
	http://support.apple.com/kb/HT3216	x_refsource_CONFIRM
	https://oval.cisecurity.org/repository/search/def…	vdb-entrysignaturex_refsource_OVAL

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T13:49:57.228Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://bugs.mysql.com/bug.php?id=27515"
          },
          {
            "name": "27823",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/27823"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://dev.mysql.com/doc/refman/5.1/en/news-5-1-18.html"
          },
          {
            "name": "RHSA-2007:0894",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2007-0894.html"
          },
          {
            "name": "26073",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/26073"
          },
          {
            "name": "31681",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/31681"
          },
          {
            "name": "1018069",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1018069"
          },
          {
            "name": "31226",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/31226"
          },
          {
            "name": "[announce] 20070712 MySQL Community Server 5.0.45 has been released!",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://lists.mysql.com/announce/470"
          },
          {
            "name": "ADV-2007-1804",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2007/1804"
          },
          {
            "name": "RHSA-2008:0768",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2008-0768.html"
          },
          {
            "name": "mysql-renametable-weak-security(34347)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34347"
          },
          {
            "name": "25946",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/25946"
          },
          {
            "name": "20070717 rPSA-2007-0143-1 mysql mysql-bench mysql-server",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/473874/100/0/threaded"
          },
          {
            "name": "24016",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/24016"
          },
          {
            "name": "25301",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/25301"
          },
          {
            "name": "DSA-1413",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2007/dsa-1413"
          },
          {
            "name": "34766",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/34766"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://issues.rpath.com/browse/RPL-1536"
          },
          {
            "name": "32222",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/32222"
          },
          {
            "name": "USN-528-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/528-1/"
          },
          {
            "name": "MDKSA-2007:139",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:139"
          },
          {
            "name": "30351",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/30351"
          },
          {
            "name": "27155",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/27155"
          },
          {
            "name": "26430",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/26430"
          },
          {
            "name": "ADV-2008-2780",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2008/2780"
          },
          {
            "name": "28838",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/28838"
          },
          {
            "name": "SUSE-SR:2008:003",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00003.html"
          },
          {
            "name": "RHSA-2008:0364",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2008-0364.html"
          },
          {
            "name": "APPLE-SA-2008-10-09",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.apple.com/kb/HT3216"
          },
          {
            "name": "oval:org.mitre.oval:def:9559",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9559"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2007-05-14T04:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "MySQL before 4.1.23, 5.0.x before 5.0.42, and 5.1.x before 5.1.18 does not require the DROP privilege for RENAME TABLE statements, which allows remote authenticated users to rename arbitrary tables."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-16T18:57:01.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://bugs.mysql.com/bug.php?id=27515"
        },
        {
          "name": "27823",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/27823"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://dev.mysql.com/doc/refman/5.1/en/news-5-1-18.html"
        },
        {
          "name": "RHSA-2007:0894",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2007-0894.html"
        },
        {
          "name": "26073",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/26073"
        },
        {
          "name": "31681",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/31681"
        },
        {
          "name": "1018069",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1018069"
        },
        {
          "name": "31226",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/31226"
        },
        {
          "name": "[announce] 20070712 MySQL Community Server 5.0.45 has been released!",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://lists.mysql.com/announce/470"
        },
        {
          "name": "ADV-2007-1804",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2007/1804"
        },
        {
          "name": "RHSA-2008:0768",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2008-0768.html"
        },
        {
          "name": "mysql-renametable-weak-security(34347)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34347"
        },
        {
          "name": "25946",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/25946"
        },
        {
          "name": "20070717 rPSA-2007-0143-1 mysql mysql-bench mysql-server",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/473874/100/0/threaded"
        },
        {
          "name": "24016",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/24016"
        },
        {
          "name": "25301",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/25301"
        },
        {
          "name": "DSA-1413",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2007/dsa-1413"
        },
        {
          "name": "34766",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/34766"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://issues.rpath.com/browse/RPL-1536"
        },
        {
          "name": "32222",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/32222"
        },
        {
          "name": "USN-528-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/528-1/"
        },
        {
          "name": "MDKSA-2007:139",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:139"
        },
        {
          "name": "30351",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/30351"
        },
        {
          "name": "27155",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/27155"
        },
        {
          "name": "26430",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/26430"
        },
        {
          "name": "ADV-2008-2780",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2008/2780"
        },
        {
          "name": "28838",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/28838"
        },
        {
          "name": "SUSE-SR:2008:003",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00003.html"
        },
        {
          "name": "RHSA-2008:0364",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2008-0364.html"
        },
        {
          "name": "APPLE-SA-2008-10-09",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.apple.com/kb/HT3216"
        },
        {
          "name": "oval:org.mitre.oval:def:9559",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9559"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2007-2691",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "MySQL before 4.1.23, 5.0.x before 5.0.42, and 5.1.x before 5.1.18 does not require the DROP privilege for RENAME TABLE statements, which allows remote authenticated users to rename arbitrary tables."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://bugs.mysql.com/bug.php?id=27515",
              "refsource": "MISC",
              "url": "http://bugs.mysql.com/bug.php?id=27515"
            },
            {
              "name": "27823",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/27823"
            },
            {
              "name": "http://dev.mysql.com/doc/refman/5.1/en/news-5-1-18.html",
              "refsource": "CONFIRM",
              "url": "http://dev.mysql.com/doc/refman/5.1/en/news-5-1-18.html"
            },
            {
              "name": "RHSA-2007:0894",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2007-0894.html"
            },
            {
              "name": "26073",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/26073"
            },
            {
              "name": "31681",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/31681"
            },
            {
              "name": "1018069",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1018069"
            },
            {
              "name": "31226",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/31226"
            },
            {
              "name": "[announce] 20070712 MySQL Community Server 5.0.45 has been released!",
              "refsource": "MLIST",
              "url": "http://lists.mysql.com/announce/470"
            },
            {
              "name": "ADV-2007-1804",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2007/1804"
            },
            {
              "name": "RHSA-2008:0768",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2008-0768.html"
            },
            {
              "name": "mysql-renametable-weak-security(34347)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34347"
            },
            {
              "name": "25946",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/25946"
            },
            {
              "name": "20070717 rPSA-2007-0143-1 mysql mysql-bench mysql-server",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/473874/100/0/threaded"
            },
            {
              "name": "24016",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/24016"
            },
            {
              "name": "25301",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/25301"
            },
            {
              "name": "DSA-1413",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2007/dsa-1413"
            },
            {
              "name": "34766",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/34766"
            },
            {
              "name": "https://issues.rpath.com/browse/RPL-1536",
              "refsource": "CONFIRM",
              "url": "https://issues.rpath.com/browse/RPL-1536"
            },
            {
              "name": "32222",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/32222"
            },
            {
              "name": "USN-528-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/528-1/"
            },
            {
              "name": "MDKSA-2007:139",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:139"
            },
            {
              "name": "30351",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/30351"
            },
            {
              "name": "27155",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/27155"
            },
            {
              "name": "26430",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/26430"
            },
            {
              "name": "ADV-2008-2780",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2008/2780"
            },
            {
              "name": "28838",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/28838"
            },
            {
              "name": "SUSE-SR:2008:003",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00003.html"
            },
            {
              "name": "RHSA-2008:0364",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2008-0364.html"
            },
            {
              "name": "APPLE-SA-2008-10-09",
              "refsource": "APPLE",
              "url": "http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html"
            },
            {
              "name": "http://support.apple.com/kb/HT3216",
              "refsource": "CONFIRM",
              "url": "http://support.apple.com/kb/HT3216"
            },
            {
              "name": "oval:org.mitre.oval:def:9559",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9559"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2007-2691",
    "datePublished": "2007-05-16T05:00:00.000Z",
    "dateReserved": "2007-05-15T04:00:00.000Z",
    "dateUpdated": "2024-08-07T13:49:57.228Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CERTA-2007-AVI-222

Vulnerability from certfr_avis - Published: 2007-05-18 - Updated: 2007-05-18

Deux vulnérabilités de MySQL permettent à un utilisateur de contourner la politique de sécurité et d'élever ses privilèges.

Description

Deux vulnérabilités sont présentes dans MySQL :

la première (27515), permet à un utilisateur connecté à la base de renommer dans certaines conditions une table sans posséder le privilège DROP ;
la seconde (27337), permet à un utilisateur d'élever ses privilèges en utilisant des procédures stockées de façon particulière.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Oracle	MySQL	MySQL version 5.1.
Oracle	MySQL	MySQL version 5.0 ;
Oracle	MySQL	MySQL version 4.1 ;
Oracle	MySQL	MySQL version 5.0.40 ;

References

Title

Publication Time

Tags

Bulletins de sécurité MySQL du 21 et 29 mars 2007	None	vendor-advisory
Bulletin de sécurité MySQL 27515 du 29 mars 2007 :	-	other
Bulletin de sécurité MySQL 27337 du 29 mars 2007 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "MySQL version 5.1.",
      "product": {
        "name": "MySQL",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "MySQL version 5.0 ;",
      "product": {
        "name": "MySQL",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "MySQL version 4.1 ;",
      "product": {
        "name": "MySQL",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "MySQL version 5.0.40 ;",
      "product": {
        "name": "MySQL",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nDeux vuln\u00e9rabilit\u00e9s sont pr\u00e9sentes dans MySQL :\n\n-   la premi\u00e8re (27515), permet \u00e0 un utilisateur connect\u00e9 \u00e0 la base de\n    renommer dans certaines conditions une table sans poss\u00e9der le\n    privil\u00e8ge DROP ;\n-   la seconde (27337), permet \u00e0 un utilisateur d\u0027\u00e9lever ses privil\u00e8ges\n    en utilisant des proc\u00e9dures stock\u00e9es de fa\u00e7on particuli\u00e8re.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2007-2692",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-2692"
    },
    {
      "name": "CVE-2007-2691",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-2691"
    }
  ],
  "initial_release_date": "2007-05-18T00:00:00",
  "last_revision_date": "2007-05-18T00:00:00",
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 MySQL 27515 du 29 mars 2007 :",
      "url": "http://bugs.mysql.com/bug.php?id=27515"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 MySQL 27337 du 29 mars 2007 :",
      "url": "http://bugs.mysql.com/bug.php?id=27337"
    }
  ],
  "reference": "CERTA-2007-AVI-222",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2007-05-18T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "Deux vuln\u00e9rabilit\u00e9s de MySQL permettent \u00e0 un utilisateur de contourner\nla politique de s\u00e9curit\u00e9 et d\u0027\u00e9lever ses privil\u00e8ges.\n",
  "title": "Vuln\u00e9rabilit\u00e9s dans MySQL",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletins de s\u00e9curit\u00e9 MySQL du 21 et 29 mars 2007",
      "url": null
    }
  ]
}

CERTA-2008-AVI-492

Vulnerability from certfr_avis - Published: 2008-10-13 - Updated: 2008-10-13

Plusieurs vulnérabilités affectant Apple Mac Os X permettent à une personne malveillante d'effectuer une exécution de code arbitraire, de provoquer un déni de service à distance, de contourner la politique de sécurité, de porter atteinte à la confidentialité des données et d'élever ses privilèges sur le système.

Description

De multiples vulnérabilités ont été découvertes dans Apple Mac OS X. Ces dernières affectent entre autres :

ColorSync ;
CUPS ;
Finder ;
Postfix ;
Networking ;
...

Elles permettent à une personne malintentionnée d'effectuer une exécution de code arbitraire , de provoquer un déni de service à distance, de contourner la politique de sécurité, de porter atteinte à la confidentialité des données et d'élever ses privilèges sur le système.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	N/A	N/A	Mac OS X 10.4.11 ;
	N/A	N/A	Mac OS X 10.5.5.

References

Title

Publication Time

Tags

Bulletin de sécurité Apple HT3216 du 09 octobre 2008

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Mac OS X 10.4.11 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "Mac OS X 10.5.5.",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nDe multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Apple Mac OS X. Ces\nderni\u00e8res affectent entre autres :\n\n-   ColorSync ;\n-   CUPS ;\n-   Finder ;\n-   Postfix ;\n-   Networking ;\n-   ...\n\nElles permettent \u00e0 une personne malintentionn\u00e9e d\u0027effectuer une\nex\u00e9cution de code arbitraire , de provoquer un d\u00e9ni de service \u00e0\ndistance, de contourner la politique de s\u00e9curit\u00e9, de porter atteinte \u00e0\nla confidentialit\u00e9 des donn\u00e9es et d\u0027\u00e9lever ses privil\u00e8ges sur le\nsyst\u00e8me.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2008-1678",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-1678"
    },
    {
      "name": "CVE-2008-3643",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-3643"
    },
    {
      "name": "CVE-2008-0226",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0226"
    },
    {
      "name": "CVE-2008-3642",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-3642"
    },
    {
      "name": "CVE-2008-4212",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-4212"
    },
    {
      "name": "CVE-2008-0002",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0002"
    },
    {
      "name": "CVE-2008-4215",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-4215"
    },
    {
      "name": "CVE-2007-6420",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-6420"
    },
    {
      "name": "CVE-2008-2371",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-2371"
    },
    {
      "name": "CVE-2008-0674",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0674"
    },
    {
      "name": "CVE-2007-5969",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-5969"
    },
    {
      "name": "CVE-2008-3646",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-3646"
    },
    {
      "name": "CVE-2008-3912",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-3912"
    },
    {
      "name": "CVE-2008-3914",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-3914"
    },
    {
      "name": "CVE-2007-5461",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-5461"
    },
    {
      "name": "CVE-2008-3432",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-3432"
    },
    {
      "name": "CVE-2008-2079",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-2079"
    },
    {
      "name": "CVE-2008-1389",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-1389"
    },
    {
      "name": "CVE-2008-1232",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-1232"
    },
    {
      "name": "CVE-2008-2370",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-2370"
    },
    {
      "name": "CVE-2007-5333",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-5333"
    },
    {
      "name": "CVE-2008-2712",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-2712"
    },
    {
      "name": "CVE-2008-1947",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-1947"
    },
    {
      "name": "CVE-2007-4850",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-4850"
    },
    {
      "name": "CVE-2007-2691",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-2691"
    },
    {
      "name": "CVE-2007-6286",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-6286"
    },
    {
      "name": "CVE-2008-3641",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-3641"
    },
    {
      "name": "CVE-2008-3913",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-3913"
    },
    {
      "name": "CVE-2008-3294",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-3294"
    },
    {
      "name": "CVE-2008-3645",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-3645"
    },
    {
      "name": "CVE-2008-3647",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-3647"
    },
    {
      "name": "CVE-2007-5342",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-5342"
    },
    {
      "name": "CVE-2008-2364",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-2364"
    },
    {
      "name": "CVE-2008-4214",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-4214"
    },
    {
      "name": "CVE-2008-1767",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-1767"
    },
    {
      "name": "CVE-2008-2938",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-2938"
    },
    {
      "name": "CVE-2008-0227",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0227"
    },
    {
      "name": "CVE-2008-4101",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-4101"
    },
    {
      "name": "CVE-2008-4211",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-4211"
    }
  ],
  "initial_release_date": "2008-10-13T00:00:00",
  "last_revision_date": "2008-10-13T00:00:00",
  "links": [],
  "reference": "CERTA-2008-AVI-492",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2008-10-13T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "Plusieurs vuln\u00e9rabilit\u00e9s affectant Apple Mac Os X permettent \u00e0 une\npersonne malveillante d\u0027effectuer une ex\u00e9cution de code arbitraire, de\nprovoquer un d\u00e9ni de service \u00e0 distance, de contourner la politique de\ns\u00e9curit\u00e9, de porter atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et\nd\u0027\u00e9lever ses privil\u00e8ges sur le syst\u00e8me.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Mac OS X",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT3216 du 09 octobre 2008",
      "url": "http://support.apple.com/kb/HT3216"
    }
  ]
}

GHSA-2XC6-GJ77-5G2J

Vulnerability from github – Published: 2022-05-01 18:06 – Updated: 2025-04-09 03:41

Details

MySQL before 4.1.23, 5.0.x before 5.0.42, and 5.1.x before 5.1.18 does not require the DROP privilege for RENAME TABLE statements, which allows remote authenticated users to rename arbitrary tables.

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2007-2691"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2007-05-16T01:19:00Z",
    "severity": "MODERATE"
  },
  "details": "MySQL before 4.1.23, 5.0.x before 5.0.42, and 5.1.x before 5.1.18 does not require the DROP privilege for RENAME TABLE statements, which allows remote authenticated users to rename arbitrary tables.",
  "id": "GHSA-2xc6-gj77-5g2j",
  "modified": "2025-04-09T03:41:39Z",
  "published": "2022-05-01T18:06:22Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-2691"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34347"
    },
    {
      "type": "WEB",
      "url": "https://issues.rpath.com/browse/RPL-1536"
    },
    {
      "type": "WEB",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9559"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/528-1"
    },
    {
      "type": "WEB",
      "url": "http://bugs.mysql.com/bug.php?id=27515"
    },
    {
      "type": "WEB",
      "url": "http://dev.mysql.com/doc/refman/5.1/en/news-5-1-18.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.mysql.com/announce/470"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00003.html"
    },
    {
      "type": "WEB",
      "url": "http://osvdb.org/34766"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/25301"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/25946"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/26073"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/26430"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/27155"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/27823"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/28838"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/30351"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/31226"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/32222"
    },
    {
      "type": "WEB",
      "url": "http://support.apple.com/kb/HT3216"
    },
    {
      "type": "WEB",
      "url": "http://www.debian.org/security/2007/dsa-1413"
    },
    {
      "type": "WEB",
      "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:139"
    },
    {
      "type": "WEB",
      "url": "http://www.redhat.com/support/errata/RHSA-2007-0894.html"
    },
    {
      "type": "WEB",
      "url": "http://www.redhat.com/support/errata/RHSA-2008-0364.html"
    },
    {
      "type": "WEB",
      "url": "http://www.redhat.com/support/errata/RHSA-2008-0768.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/473874/100/0/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/24016"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/31681"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id?1018069"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2007/1804"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2008/2780"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

FKIE_CVE-2007-2691

Vulnerability from fkie_nvd - Published: 2007-05-16 01:19 - Updated: 2025-04-09 00:30

Severity ?

Summary

MySQL before 4.1.23, 5.0.x before 5.0.42, and 5.1.x before 5.1.18 does not require the DROP privilege for RENAME TABLE statements, which allows remote authenticated users to rename arbitrary tables.

References

URL	Tags
cve@mitre.org	http://bugs.mysql.com/bug.php?id=27515	Vendor Advisory
cve@mitre.org	http://dev.mysql.com/doc/refman/5.1/en/news-5-1-18.html	Patch, Vendor Advisory
cve@mitre.org	http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html	Mailing List, Third Party Advisory
cve@mitre.org	http://lists.mysql.com/announce/470	Vendor Advisory
cve@mitre.org	http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00003.html	Third Party Advisory
cve@mitre.org	http://osvdb.org/34766	Broken Link
cve@mitre.org	http://secunia.com/advisories/25301	Third Party Advisory
cve@mitre.org	http://secunia.com/advisories/25946	Third Party Advisory
cve@mitre.org	http://secunia.com/advisories/26073	Third Party Advisory
cve@mitre.org	http://secunia.com/advisories/26430	Third Party Advisory
cve@mitre.org	http://secunia.com/advisories/27155	Third Party Advisory
cve@mitre.org	http://secunia.com/advisories/27823	Third Party Advisory
cve@mitre.org	http://secunia.com/advisories/28838	Third Party Advisory
cve@mitre.org	http://secunia.com/advisories/30351	Third Party Advisory
cve@mitre.org	http://secunia.com/advisories/31226	Third Party Advisory
cve@mitre.org	http://secunia.com/advisories/32222	Third Party Advisory
cve@mitre.org	http://support.apple.com/kb/HT3216	Third Party Advisory
cve@mitre.org	http://www.debian.org/security/2007/dsa-1413	Third Party Advisory
cve@mitre.org	http://www.mandriva.com/security/advisories?name=MDKSA-2007:139	Third Party Advisory
cve@mitre.org	http://www.redhat.com/support/errata/RHSA-2007-0894.html	Third Party Advisory
cve@mitre.org	http://www.redhat.com/support/errata/RHSA-2008-0364.html	Third Party Advisory
cve@mitre.org	http://www.redhat.com/support/errata/RHSA-2008-0768.html	Third Party Advisory
cve@mitre.org	http://www.securityfocus.com/archive/1/473874/100/0/threaded	Third Party Advisory, VDB Entry
cve@mitre.org	http://www.securityfocus.com/bid/24016	Third Party Advisory, VDB Entry
cve@mitre.org	http://www.securityfocus.com/bid/31681	Third Party Advisory, VDB Entry
cve@mitre.org	http://www.securitytracker.com/id?1018069	Third Party Advisory, VDB Entry
cve@mitre.org	http://www.vupen.com/english/advisories/2007/1804	Third Party Advisory
cve@mitre.org	http://www.vupen.com/english/advisories/2008/2780	Third Party Advisory
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/34347	Third Party Advisory, VDB Entry
cve@mitre.org	https://issues.rpath.com/browse/RPL-1536	Broken Link
cve@mitre.org	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9559	Third Party Advisory
cve@mitre.org	https://usn.ubuntu.com/528-1/	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://bugs.mysql.com/bug.php?id=27515	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://dev.mysql.com/doc/refman/5.1/en/news-5-1-18.html	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://lists.mysql.com/announce/470	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00003.html	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://osvdb.org/34766	Broken Link
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/25301	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/25946	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/26073	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/26430	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/27155	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/27823	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/28838	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/30351	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/31226	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/32222	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://support.apple.com/kb/HT3216	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.debian.org/security/2007/dsa-1413	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.mandriva.com/security/advisories?name=MDKSA-2007:139	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.redhat.com/support/errata/RHSA-2007-0894.html	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.redhat.com/support/errata/RHSA-2008-0364.html	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.redhat.com/support/errata/RHSA-2008-0768.html	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/473874/100/0/threaded	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/24016	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/31681	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id?1018069	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2007/1804	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2008/2780	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/34347	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://issues.rpath.com/browse/RPL-1536	Broken Link
af854a3a-2127-422b-91ae-364da2661108	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9559	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://usn.ubuntu.com/528-1/	Third Party Advisory

Impacted products

Vendor	Product	Version
mysql	mysql	*
mysql	mysql	*
mysql	mysql	*
debian	debian_linux	3.1
debian	debian_linux	4.0
canonical	ubuntu_linux	6.06
canonical	ubuntu_linux	6.10
canonical	ubuntu_linux	7.04

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mysql:mysql:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "ADBEF6DC-B3F3-4022-8EA8-954DC7190DCB",
              "versionEndIncluding": "4.1.22",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mysql:mysql:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "16C0994F-0692-448D-A0FB-93C05760E5D5",
              "versionEndExcluding": "5.0.42",
              "versionStartIncluding": "5.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mysql:mysql:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5624BDD4-657E-4E27-8DE2-EA15028C21D6",
              "versionEndExcluding": "5.1.18",
              "versionStartIncluding": "5.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A2E0C1F8-31F5-4F61-9DF7-E49B43D3C873",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "0F92AB32-E7DE-43F4-B877-1F41FA162EC7",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:lts:*:*:*",
              "matchCriteriaId": "5C18C3CD-969B-4AA3-AE3A-BA4A188F8BFF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:6.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "23E304C9-F780-4358-A58D-1E4C93977704",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:7.04:*:*:*:*:*:*:*",
              "matchCriteriaId": "6EBDAFF8-DE44-4E80-B6BD-E341F767F501",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "MySQL before 4.1.23, 5.0.x before 5.0.42, and 5.1.x before 5.1.18 does not require the DROP privilege for RENAME TABLE statements, which allows remote authenticated users to rename arbitrary tables."
    },
    {
      "lang": "es",
      "value": "MySQL anterior a 4.1.23, 5.0.x anterior a 5.0.42, y 5.1.x anterior a 5.1.18 no requiere el privilegio DROP para sentencias RENAME TABLE, lo cual permite a usuarios autenticados remotamente renombrar tablas de su elecci\u00f3n."
    }
  ],
  "evaluatorSolution": "The vendor has released a product update to address this issue:\r\nUpgrade to MySQL version 5.1.18: http://dev.mysql.com/downloads/",
  "id": "CVE-2007-2691",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 4.9,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 4.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2007-05-16T01:19:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://bugs.mysql.com/bug.php?id=27515"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://dev.mysql.com/doc/refman/5.1/en/news-5-1-18.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://lists.mysql.com/announce/470"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00003.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Broken Link"
      ],
      "url": "http://osvdb.org/34766"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/25301"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/25946"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/26073"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/26430"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/27155"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/27823"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/28838"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/30351"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/31226"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/32222"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://support.apple.com/kb/HT3216"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.debian.org/security/2007/dsa-1413"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:139"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.redhat.com/support/errata/RHSA-2007-0894.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.redhat.com/support/errata/RHSA-2008-0364.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.redhat.com/support/errata/RHSA-2008-0768.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/archive/1/473874/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/24016"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/31681"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id?1018069"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2007/1804"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2008/2780"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34347"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Broken Link"
      ],
      "url": "https://issues.rpath.com/browse/RPL-1536"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9559"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/528-1/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://bugs.mysql.com/bug.php?id=27515"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://dev.mysql.com/doc/refman/5.1/en/news-5-1-18.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://lists.mysql.com/announce/470"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00003.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://osvdb.org/34766"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/25301"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/25946"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/26073"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/26430"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/27155"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/27823"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/28838"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/30351"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/31226"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/32222"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://support.apple.com/kb/HT3216"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.debian.org/security/2007/dsa-1413"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:139"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.redhat.com/support/errata/RHSA-2007-0894.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.redhat.com/support/errata/RHSA-2008-0364.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.redhat.com/support/errata/RHSA-2008-0768.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/archive/1/473874/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/24016"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/31681"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id?1018069"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2007/1804"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2008/2780"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34347"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "https://issues.rpath.com/browse/RPL-1536"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9559"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/528-1/"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vendorComments": [
    {
      "comment": "Red Hat is aware of this issue and is tracking it via the following bug:\nhttps://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=CVE-2007-2691\n\nThe Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw.  More information regarding issue severity can be found here:\nhttp://www.redhat.com/security/updates/classification/\n",
      "lastModified": "2007-05-29T00:00:00",
      "organization": "Red Hat"
    }
  ],
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GSD-2007-2691

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

MySQL before 4.1.23, 5.0.x before 5.0.42, and 5.1.x before 5.1.18 does not require the DROP privilege for RENAME TABLE statements, which allows remote authenticated users to rename arbitrary tables.

Aliases

CVE-2007-2691

Aliases

CVE-2007-2691

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2007-2691",
    "description": "MySQL before 4.1.23, 5.0.x before 5.0.42, and 5.1.x before 5.1.18 does not require the DROP privilege for RENAME TABLE statements, which allows remote authenticated users to rename arbitrary tables.",
    "id": "GSD-2007-2691",
    "references": [
      "https://www.suse.com/security/cve/CVE-2007-2691.html",
      "https://www.debian.org/security/2007/dsa-1413",
      "https://access.redhat.com/errata/RHSA-2008:0768",
      "https://access.redhat.com/errata/RHSA-2008:0364",
      "https://access.redhat.com/errata/RHSA-2007:0894",
      "https://linux.oracle.com/cve/CVE-2007-2691.html"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2007-2691"
      ],
      "details": "MySQL before 4.1.23, 5.0.x before 5.0.42, and 5.1.x before 5.1.18 does not require the DROP privilege for RENAME TABLE statements, which allows remote authenticated users to rename arbitrary tables.",
      "id": "GSD-2007-2691",
      "modified": "2023-12-13T01:21:38.226540Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2007-2691",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "MySQL before 4.1.23, 5.0.x before 5.0.42, and 5.1.x before 5.1.18 does not require the DROP privilege for RENAME TABLE statements, which allows remote authenticated users to rename arbitrary tables."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "http://bugs.mysql.com/bug.php?id=27515",
            "refsource": "MISC",
            "url": "http://bugs.mysql.com/bug.php?id=27515"
          },
          {
            "name": "27823",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/27823"
          },
          {
            "name": "http://dev.mysql.com/doc/refman/5.1/en/news-5-1-18.html",
            "refsource": "CONFIRM",
            "url": "http://dev.mysql.com/doc/refman/5.1/en/news-5-1-18.html"
          },
          {
            "name": "RHSA-2007:0894",
            "refsource": "REDHAT",
            "url": "http://www.redhat.com/support/errata/RHSA-2007-0894.html"
          },
          {
            "name": "26073",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/26073"
          },
          {
            "name": "31681",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/31681"
          },
          {
            "name": "1018069",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id?1018069"
          },
          {
            "name": "31226",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/31226"
          },
          {
            "name": "[announce] 20070712 MySQL Community Server 5.0.45 has been released!",
            "refsource": "MLIST",
            "url": "http://lists.mysql.com/announce/470"
          },
          {
            "name": "ADV-2007-1804",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2007/1804"
          },
          {
            "name": "RHSA-2008:0768",
            "refsource": "REDHAT",
            "url": "http://www.redhat.com/support/errata/RHSA-2008-0768.html"
          },
          {
            "name": "mysql-renametable-weak-security(34347)",
            "refsource": "XF",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34347"
          },
          {
            "name": "25946",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/25946"
          },
          {
            "name": "20070717 rPSA-2007-0143-1 mysql mysql-bench mysql-server",
            "refsource": "BUGTRAQ",
            "url": "http://www.securityfocus.com/archive/1/473874/100/0/threaded"
          },
          {
            "name": "24016",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/24016"
          },
          {
            "name": "25301",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/25301"
          },
          {
            "name": "DSA-1413",
            "refsource": "DEBIAN",
            "url": "http://www.debian.org/security/2007/dsa-1413"
          },
          {
            "name": "34766",
            "refsource": "OSVDB",
            "url": "http://osvdb.org/34766"
          },
          {
            "name": "https://issues.rpath.com/browse/RPL-1536",
            "refsource": "CONFIRM",
            "url": "https://issues.rpath.com/browse/RPL-1536"
          },
          {
            "name": "32222",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/32222"
          },
          {
            "name": "USN-528-1",
            "refsource": "UBUNTU",
            "url": "https://usn.ubuntu.com/528-1/"
          },
          {
            "name": "MDKSA-2007:139",
            "refsource": "MANDRIVA",
            "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:139"
          },
          {
            "name": "30351",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/30351"
          },
          {
            "name": "27155",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/27155"
          },
          {
            "name": "26430",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/26430"
          },
          {
            "name": "ADV-2008-2780",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2008/2780"
          },
          {
            "name": "28838",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/28838"
          },
          {
            "name": "SUSE-SR:2008:003",
            "refsource": "SUSE",
            "url": "http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00003.html"
          },
          {
            "name": "RHSA-2008:0364",
            "refsource": "REDHAT",
            "url": "http://www.redhat.com/support/errata/RHSA-2008-0364.html"
          },
          {
            "name": "APPLE-SA-2008-10-09",
            "refsource": "APPLE",
            "url": "http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html"
          },
          {
            "name": "http://support.apple.com/kb/HT3216",
            "refsource": "CONFIRM",
            "url": "http://support.apple.com/kb/HT3216"
          },
          {
            "name": "oval:org.mitre.oval:def:9559",
            "refsource": "OVAL",
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9559"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:mysql:mysql:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "5.1.18",
                "versionStartIncluding": "5.1",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mysql:mysql:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "5.0.42",
                "versionStartIncluding": "5.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mysql:mysql:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "4.1.22",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:debian:debian_linux:3.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:6.10:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:lts:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:7.04:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2007-2691"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "MySQL before 4.1.23, 5.0.x before 5.0.42, and 5.1.x before 5.1.18 does not require the DROP privilege for RENAME TABLE statements, which allows remote authenticated users to rename arbitrary tables."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "NVD-CWE-Other"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://bugs.mysql.com/bug.php?id=27515",
              "refsource": "MISC",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://bugs.mysql.com/bug.php?id=27515"
            },
            {
              "name": "http://dev.mysql.com/doc/refman/5.1/en/news-5-1-18.html",
              "refsource": "CONFIRM",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "http://dev.mysql.com/doc/refman/5.1/en/news-5-1-18.html"
            },
            {
              "name": "24016",
              "refsource": "BID",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securityfocus.com/bid/24016"
            },
            {
              "name": "1018069",
              "refsource": "SECTRACK",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securitytracker.com/id?1018069"
            },
            {
              "name": "25301",
              "refsource": "SECUNIA",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "http://secunia.com/advisories/25301"
            },
            {
              "name": "[announce] 20070712 MySQL Community Server 5.0.45 has been released!",
              "refsource": "MLIST",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://lists.mysql.com/announce/470"
            },
            {
              "name": "https://issues.rpath.com/browse/RPL-1536",
              "refsource": "CONFIRM",
              "tags": [
                "Broken Link"
              ],
              "url": "https://issues.rpath.com/browse/RPL-1536"
            },
            {
              "name": "DSA-1413",
              "refsource": "DEBIAN",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "http://www.debian.org/security/2007/dsa-1413"
            },
            {
              "name": "MDKSA-2007:139",
              "refsource": "MANDRIVA",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:139"
            },
            {
              "name": "RHSA-2007:0894",
              "refsource": "REDHAT",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "http://www.redhat.com/support/errata/RHSA-2007-0894.html"
            },
            {
              "name": "25946",
              "refsource": "SECUNIA",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "http://secunia.com/advisories/25946"
            },
            {
              "name": "26073",
              "refsource": "SECUNIA",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "http://secunia.com/advisories/26073"
            },
            {
              "name": "27155",
              "refsource": "SECUNIA",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "http://secunia.com/advisories/27155"
            },
            {
              "name": "26430",
              "refsource": "SECUNIA",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "http://secunia.com/advisories/26430"
            },
            {
              "name": "27823",
              "refsource": "SECUNIA",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "http://secunia.com/advisories/27823"
            },
            {
              "name": "SUSE-SR:2008:003",
              "refsource": "SUSE",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00003.html"
            },
            {
              "name": "28838",
              "refsource": "SECUNIA",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "http://secunia.com/advisories/28838"
            },
            {
              "name": "31226",
              "refsource": "SECUNIA",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "http://secunia.com/advisories/31226"
            },
            {
              "name": "APPLE-SA-2008-10-09",
              "refsource": "APPLE",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html"
            },
            {
              "name": "31681",
              "refsource": "BID",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securityfocus.com/bid/31681"
            },
            {
              "name": "http://support.apple.com/kb/HT3216",
              "refsource": "CONFIRM",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "http://support.apple.com/kb/HT3216"
            },
            {
              "name": "32222",
              "refsource": "SECUNIA",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "http://secunia.com/advisories/32222"
            },
            {
              "name": "RHSA-2008:0768",
              "refsource": "REDHAT",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "http://www.redhat.com/support/errata/RHSA-2008-0768.html"
            },
            {
              "name": "30351",
              "refsource": "SECUNIA",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "http://secunia.com/advisories/30351"
            },
            {
              "name": "RHSA-2008:0364",
              "refsource": "REDHAT",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "http://www.redhat.com/support/errata/RHSA-2008-0364.html"
            },
            {
              "name": "ADV-2007-1804",
              "refsource": "VUPEN",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "http://www.vupen.com/english/advisories/2007/1804"
            },
            {
              "name": "ADV-2008-2780",
              "refsource": "VUPEN",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "http://www.vupen.com/english/advisories/2008/2780"
            },
            {
              "name": "34766",
              "refsource": "OSVDB",
              "tags": [
                "Broken Link"
              ],
              "url": "http://osvdb.org/34766"
            },
            {
              "name": "mysql-renametable-weak-security(34347)",
              "refsource": "XF",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34347"
            },
            {
              "name": "oval:org.mitre.oval:def:9559",
              "refsource": "OVAL",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9559"
            },
            {
              "name": "USN-528-1",
              "refsource": "UBUNTU",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://usn.ubuntu.com/528-1/"
            },
            {
              "name": "20070717 rPSA-2007-0143-1 mysql mysql-bench mysql-server",
              "refsource": "BUGTRAQ",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securityfocus.com/archive/1/473874/100/0/threaded"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 4.9,
            "confidentialityImpact": "NONE",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 6.8,
          "impactScore": 4.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2018-10-19T19:00Z",
      "publishedDate": "2007-05-16T01:19Z"
    }
  }
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2007-2691 (GCVE-0-2007-2691)

CERTA-2007-AVI-222

Description

Solution

CERTA-2008-AVI-492

Description

Solution

GHSA-2XC6-GJ77-5G2J

FKIE_CVE-2007-2691

GSD-2007-2691

Tags

Sightings

Nomenclature