CVE-2007-2691 Information
Share on:Description
MySQL before 4.1.23 5.0.x before 5.0.42 and 5.1.x before 5.1.18 does not require the DROP privilege for RENAME TABLE statements which allows remote authenticated users to rename arbitrary tables.
Reference
http://bugs.mysql.com/bug.php?id=27515 http://dev.mysql.com/doc/refman/5.1/en/news-5-1-18.html http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html http://lists.mysql.com/announce/470 http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00003.html http://osvdb.org/34766 http://secunia.com/advisories/25301 http://secunia.com/advisories/25946 http://secunia.com/advisories/26073 http://secunia.com/advisories/26430 http://secunia.com/advisories/27155 http://secunia.com/advisories/27823 http://secunia.com/advisories/28838 http://secunia.com/advisories/30351 http://secunia.com/advisories/31226 http://secunia.com/advisories/32222 http://support.apple.com/kb/HT3216 http://www.debian.org/security/2007/dsa-1413 http://www.mandriva.com/security/advisories?name=MDKSA-2007:139 http://www.redhat.com/support/errata/RHSA-2007-0894.html http://www.redhat.com/support/errata/RHSA-2008-0364.html http://www.redhat.com/support/errata/RHSA-2008-0768.html http://www.securityfocus.com/archive/1/473874/100/0/threaded http://www.securityfocus.com/bid/24016 http://www.securityfocus.com/bid/31681 http://www.securitytracker.com/id?1018069 http://www.vupen.com/english/advisories/2007/1804 http://www.vupen.com/english/advisories/2008/2780 https://exchange.xforce.ibmcloud.com/vulnerabilities/34347 https://issues.rpath.com/browse/RPL-1536 https://oval.cisecurity.org/repository/search/definition/oval3Aorg.mitre.oval3Adef3A9559 https://usn.ubuntu.com/528-1/