Vulnerabilities > CVE-2007-5969 - Permissions, Privileges, and Access Controls vulnerability in Mysql products

CVSS 0.0 - NONE

Attack vector

UNKNOWN

Attack complexity

UNKNOWN

Privileges required

UNKNOWN

Confidentiality impact

UNKNOWN

Integrity impact

UNKNOWN

Availability impact

UNKNOWN

mysql

CWE-264

nessus

NVD

Published: 2007-12-10

Updated: 2023-11-07

Summary

MySQL Community Server 5.0.x before 5.0.51, Enterprise Server 5.0.x before 5.0.52, Server 5.1.x before 5.1.23, and Server 6.0.x before 6.0.4, when a table relies on symlinks created through explicit DATA DIRECTORY and INDEX DIRECTORY options, allows remote authenticated users to overwrite system table information and gain privileges via a RENAME TABLE statement that changes the symlink to point to an existing file.

Vulnerable Configurations

Part	Description	Count
Application	Mysql Mysql Mysql Server 6.0 Mysql Mysql Server 6.0.3 Mysql Mysql Server 6.0.1 Mysql Mysql Server 5.1.22 Mysql Mysql Server 6.0.2 Mysql Community Server 5.0.45 Mysql Community Server 5.0.41 Mysql Community Server 5.0.44 Mysql Mysql Enterprise Server 5.0.50	9

Common Weakness Enumeration (CWE)

CWE-264 - Permissions, Privileges, and Access Controls

Common Attack Pattern Enumeration and Classification (CAPEC)

Accessing, Modifying or Executing Executable Files
An attack of this type exploits a system's configuration that allows an attacker to either directly access an executable file, for example through shell access; or in a possible worst case allows an attacker to upload a file and then execute it. Web servers, ftp servers, and message oriented middleware systems which have many integration points are particularly vulnerable, because both the programmers and the administrators must be in synch regarding the interfaces and the correct privileges for each interface.
Leverage Executable Code in Non-Executable Files
An attack of this type exploits a system's trust in configuration and resource files, when the executable loads the resource (such as an image file or configuration file) the attacker has modified the file to either execute malicious code directly or manipulate the target process (e.g. application server) to execute based on the malicious configuration parameters. Since systems are increasingly interrelated mashing up resources from local and remote sources the possibility of this attack occurring is high. The attack can be directed at a client system, such as causing buffer overrun through loading seemingly benign image files, as in Microsoft Security Bulletin MS04-028 where specially crafted JPEG files could cause a buffer overrun once loaded into the browser. Another example targets clients reading pdf files. In this case the attacker simply appends javascript to the end of a legitimate url for a pdf (http://www.gnucitizen.org/blog/danger-danger-danger/) http://path/to/pdf/file.pdf#whatever_name_you_want=javascript:your_code_here The client assumes that they are reading a pdf, but the attacker has modified the resource and loaded executable javascript into the client's browser process. The attack can also target server processes. The attacker edits the resource or configuration file, for example a web.xml file used to configure security permissions for a J2EE app server, adding role name "public" grants all users with the public role the ability to use the administration functionality. The server trusts its configuration file to be correct, but when they are manipulated, the attacker gains full control.
Blue Boxing
This type of attack against older telephone switches and trunks has been around for decades. A tone is sent by an adversary to impersonate a supervisor signal which has the effect of rerouting or usurping command of the line. While the US infrastructure proper may not contain widespread vulnerabilities to this type of attack, many companies are connected globally through call centers and business process outsourcing. These international systems may be operated in countries which have not upgraded Telco infrastructure and so are vulnerable to Blue boxing. Blue boxing is a result of failure on the part of the system to enforce strong authorization for administrative functions. While the infrastructure is different than standard current applications like web applications, there are historical lessons to be learned to upgrade the access control for administrative functions.
Restful Privilege Elevation
Rest uses standard HTTP (Get, Put, Delete) style permissions methods, but these are not necessarily correlated generally with back end programs. Strict interpretation of HTTP get methods means that these HTTP Get services should not be used to delete information on the server, but there is no access control mechanism to back up this logic. This means that unless the services are properly ACL'd and the application's service implementation are following these guidelines then an HTTP request can easily execute a delete or update on the server side. The attacker identifies a HTTP Get URL such as http://victimsite/updateOrder, which calls out to a program to update orders on a database or other resource. The URL is not idempotent so the request can be submitted multiple times by the attacker, additionally, the attacker may be able to exploit the URL published as a Get method that actually performs updates (instead of merely retrieving data). This may result in malicious or inadvertent altering of data on the server.
Target Programs with Elevated Privileges
This attack targets programs running with elevated privileges. The attacker would try to leverage a bug in the running program and get arbitrary code to execute with elevated privileges. For instance an attacker would look for programs that write to the system directories or registry keys (such as HKLM, which stores a number of critical Windows environment variables). These programs are typically running with elevated privileges and have usually not been designed with security in mind. Such programs are excellent exploit targets because they yield lots of power when they break. The malicious user try to execute its code at the same level as a privileged system call.

Nessus

NASL family	MacOS X Local Security Checks
NASL id	MACOSX_SECUPD2008-007.NASL
description	The remote host is running a version of Mac OS X 10.5 or 10.4 that does not have the security update 2008-007 applied. This security update contains fixes for the following products : - Apache - Certificates - ClamAV - ColorSync - CUPS - Finder - launchd - libxslt - MySQL Server - Networking - PHP - Postfix - PSNormalizer - QuickLook - rlogin - Script Editor - Single Sign-On - Tomcat - vim - Weblog
last seen	2020-06-01
modified	2020-06-02
plugin id	34374
published	2008-10-10
reporter	This script is Copyright (C) 2008-2018 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/34374
title	Mac OS X Multiple Vulnerabilities (Security Update 2008-007)
code	# # (C) Tenable Network Security, Inc. # if (!defined_func("bn_random")) exit(0); if (NASL_LEVEL < 3004) exit(0); include("compat.inc"); if (description) { script_id(34374); script_version("1.31"); script_cvs_date("Date: 2018/07/14 1:59:35"); script_cve_id( "CVE-2007-2691", "CVE-2007-4850", "CVE-2007-5333", "CVE-2007-5342", "CVE-2007-5461", "CVE-2007-5969", "CVE-2007-6286", "CVE-2007-6420", "CVE-2008-0002", "CVE-2008-0226", "CVE-2008-0227", "CVE-2008-0674", "CVE-2008-1232", "CVE-2008-1389", "CVE-2008-1678", "CVE-2008-1767", "CVE-2008-1947", "CVE-2008-2079", "CVE-2008-2364", "CVE-2008-2370", "CVE-2008-2371", "CVE-2008-2712", "CVE-2008-2938", "CVE-2008-3294", "CVE-2008-3432", "CVE-2008-3641", "CVE-2008-3642", "CVE-2008-3643", "CVE-2008-3645", "CVE-2008-3646", "CVE-2008-3647", "CVE-2008-3912", "CVE-2008-3913", "CVE-2008-3914", "CVE-2008-4101", "CVE-2008-4211", "CVE-2008-4212", "CVE-2008-4214", "CVE-2008-4215" ); script_bugtraq_id( 24016, 26070, 26765, 27006, 27140, 27236, 27413, 27703, 27706, 27786, 29106, 29312, 29502, 29653, 29715, 30087, 30279, 30494, 30496, 30633, 30795, 30994, 31051, 31681, 31692, 31707, 31708, 31711, 31715, 31716, 31718, 31719, 31720, 31721, 31722 ); script_name(english:"Mac OS X Multiple Vulnerabilities (Security Update 2008-007)"); script_summary(english:"Check for the presence of Security Update 2008-007"); script_set_attribute(attribute:"synopsis", value: "The remote host is missing a Mac OS X update that fixes various security issues." ); script_set_attribute(attribute:"description", value: "The remote host is running a version of Mac OS X 10.5 or 10.4 that does not have the security update 2008-007 applied. This security update contains fixes for the following products : - Apache - Certificates - ClamAV - ColorSync - CUPS - Finder - launchd - libxslt - MySQL Server - Networking - PHP - Postfix - PSNormalizer - QuickLook - rlogin - Script Editor - Single Sign-On - Tomcat - vim - Weblog" ); script_set_attribute(attribute:"see_also", value:"http://support.apple.com/kb/HT3216" ); script_set_attribute(attribute:"see_also", value:"http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html" ); script_set_attribute(attribute:"solution", value: "Install Security Update 2008-007 or later." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploit_framework_core", value:"true"); script_set_attribute(attribute:"d2_elliot_name", value:"Apache Tomcat File Disclosure"); script_set_attribute(attribute:"exploit_framework_d2_elliot", value:"true"); script_set_attribute(attribute:"metasploit_name", value:'MySQL yaSSL SSL Hello Message Buffer Overflow'); script_set_attribute(attribute:"exploit_framework_metasploit", value:"true"); script_set_attribute(attribute:"exploit_framework_canvas", value:"true"); script_set_attribute(attribute:"canvas_package", value:'D2ExploitPack'); script_cwe_id(16, 20, 22, 79, 94, 119, 189, 200, 264, 352, 362, 399); script_set_attribute(attribute:"plugin_publication_date", value: "2008/10/10"); script_set_attribute(attribute:"vuln_publication_date", value: "2007/10/15"); script_set_attribute(attribute:"patch_publication_date", value: "2008/10/09"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/o:apple:mac_os_x"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"MacOS X Local Security Checks"); script_copyright(english:"This script is Copyright (C) 2008-2018 Tenable Network Security, Inc."); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/MacOSX/packages", "Host/uname"); exit(0); } uname = get_kb_item("Host/uname"); if (!uname) exit(0); if (egrep(pattern:"Darwin.* (8\.[0-9]\.\|8\.1[01]\.)", string:uname)) { packages = get_kb_item("Host/MacOSX/packages"); if (!packages) exit(0); if (!egrep(pattern:"^SecUpd(Srvr)?(2008-00[78]\|2009-\|20[1-9][0-9]-)", string:packages)) security_hole(0); } else if (egrep(pattern:"Darwin.* (9\.[0-5]\.)", string:uname)) { packages = get_kb_item("Host/MacOSX/packages/boms"); if (!packages) exit(0); if (!egrep(pattern:"^com\.apple\.pkg\.update\.security\.2008\.007\.bom", string:packages)) security_hole(0); }

NASL family	Red Hat Local Security Checks
NASL id	REDHAT-RHSA-2007-1155.NASL
description	Updated mysql packages that fix several security issues are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having important security impact by the Red Hat Security Response Team. MySQL is a multi-user, multi-threaded SQL database server. MySQL is a client/server implementation consisting of a server daemon (mysqld), and many different client programs and libraries. A flaw was found in a way MySQL handled symbolic links when database tables were created with explicit
last seen	2020-06-01
modified	2020-06-02
plugin id	29737
published	2007-12-19
reporter	This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/29737
title	RHEL 4 / 5 : mysql (RHSA-2007:1155)

NASL family	CentOS Local Security Checks
NASL id	CENTOS_RHSA-2007-1157.NASL
description	The remote CentOS system is missing a security update which has been documented in Red Hat advisory RHSA-2007-1157.
last seen	2020-06-01
modified	2020-06-02
plugin id	29752
published	2007-12-24
reporter	This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/29752
title	CentOS 4 : mysql (CESA-2007:1222-001)

NASL family	Slackware Local Security Checks
NASL id	SLACKWARE_SSA_2007-348-01.NASL
description	New mysql packages are available for Slackware 11.0, 12.0, and -current to fix bugs and security issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	29704
published	2007-12-17
reporter	This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/29704
title	Slackware 11.0 / 12.0 / current : mysql (SSA:2007-348-01)

NASL family	Databases
NASL id	MYSQL_5_0_67.NASL
description	The version of MySQL Community Server 5.0 installed on the remote host is before 5.0.66. Such versions are reportedly affected by the following issues : - When using a FEDERATED table, a local server could be forced to crash if the remote server returns a result with fewer columns than expected (Bug #29801). - ALTER VIEW retains the original DEFINER value, even when altered by another user, which could allow that user to gain the access rights of the view (Bug #29908). - A local user can circumvent privileges through creation of MyISAM tables using the
last seen	2020-06-01
modified	2020-06-02
plugin id	34159
published	2008-09-11
reporter	This script is Copyright (C) 2008-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/34159
title	MySQL Community Server 5.0 < 5.0.67 Multiple Vulnerabilities

NASL family	SuSE Local Security Checks
NASL id	SUSE_MYSQL-4879.NASL
description	This update fixes several security vulnerabilities (note: not all versions are affected by every bug) : - CVE-2007-2583 - CVE-2007-2691 - CVE-2007-2692 - CVE-2007-5925 - CVE-2007-5969 - CVE-2007-6303 - CVE-2007-6304
last seen	2020-06-01
modified	2020-06-02
plugin id	30182
published	2008-02-05
reporter	This script is Copyright (C) 2008-2019 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/30182
title	SuSE 10 Security Update : MySQL (ZYPP Patch Number 4879)

NASL family	Oracle Linux Local Security Checks
NASL id	ORACLELINUX_ELSA-2007-1155.NASL
description	From Red Hat Security Advisory 2007:1155 : Updated mysql packages that fix several security issues are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having important security impact by the Red Hat Security Response Team. MySQL is a multi-user, multi-threaded SQL database server. MySQL is a client/server implementation consisting of a server daemon (mysqld), and many different client programs and libraries. A flaw was found in a way MySQL handled symbolic links when database tables were created with explicit
last seen	2020-06-01
modified	2020-06-02
plugin id	67624
published	2013-07-12
reporter	This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/67624
title	Oracle Linux 4 / 5 : mysql (ELSA-2007-1155)

NASL family	Gentoo Local Security Checks
NASL id	GENTOO_GLSA-200804-04.NASL
description	The remote host is affected by the vulnerability described in GLSA-200804-04 (MySQL: Multiple vulnerabilities) Multiple vulnerabilities have been reported in MySQL: Mattias Jonsson reported that a
last seen	2020-06-01
modified	2020-06-02
plugin id	31835
published	2008-04-11
reporter	This script is Copyright (C) 2008-2019 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/31835
title	GLSA-200804-04 : MySQL: Multiple vulnerabilities

NASL family	Scientific Linux Local Security Checks
NASL id	SL_20071218_MYSQL_ON_SL5_X.NASL
description	A flaw was found in a way MySQL handled symbolic links when database tables were created with explicit
last seen	2020-06-01
modified	2020-06-02
plugin id	60332
published	2012-08-01
reporter	This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/60332
title	Scientific Linux Security Update : mysql on SL5.x, SL4.x i386/x86_64

NASL family	Mandriva Local Security Checks
NASL id	MANDRAKE_MDKSA-2007-243.NASL
description	A vulnerability in MySQL prior to 5.0.45 did not require priveliges such as SELECT for the source table in a CREATE TABLE LIKE statement, allowing remote authenticated users to obtain sensitive information such as the table structure (CVE-2007-3781). A vulnerability in the InnoDB engine in MySQL allowed remote authenticated users to cause a denial of service (database crash) via certain CONTAINS operations on an indexed column, which triggered an assertion error (CVE-2007-5925). Using RENAME TABLE against a table with explicit DATA DIRECTORY and INDEX DIRECTORY options could be used to overwrite system table information by replacing the file to which a symlink pointed to (CVE-2007-5969). The updated packages have been patched to correct these issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	29300
published	2007-12-11
reporter	This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/29300
title	Mandrake Linux Security Advisory : MySQL (MDKSA-2007:243)

NASL family	Databases
NASL id	MYSQL_5_0_51.NASL
description	The version of MySQL Community Server installed on the remote host reportedly fails to check whether a file to which a symlink points exists when using RENAME TABLE against a table with explicit DATA DIRECTORY and INDEX DIRECTORY options. A local attacker may be able to leverage this issue to overwrite system table information by replacing the file to which the symlink points.
last seen	2020-06-01
modified	2020-06-02
plugin id	29251
published	2007-12-10
reporter	This script is Copyright (C) 2007-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/29251
title	MySQL Community Server 5.0 < 5.0.51 RENAME TABLE Symlink System Table Overwrite

NASL family	Fedora Local Security Checks
NASL id	FEDORA_2007-4465.NASL
description	- Thu Dec 13 2007 Tom Lane <tgl at redhat.com> 5.0.45-6 - Back-port upstream fixes for CVE-2007-5925, CVE-2007-5969, CVE-2007-6303. Related: #422211 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	29712
published	2007-12-17
reporter	This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/29712
title	Fedora 8 : mysql-5.0.45-6.fc8 (2007-4465)

NASL family	F5 Networks Local Security Checks
NASL id	F5_BIGIP_SOL8178.NASL
description	Information about these advisories is available at the following locations :
last seen	2020-06-01
modified	2020-06-02
plugin id	78218
published	2014-10-10
reporter	This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/78218
title	F5 Networks BIG-IP : MySQL vulnerabilities (SOL8178)

NASL family	SuSE Local Security Checks
NASL id	SUSE9_12044.NASL
description	This update fixes several security vulnerabilities (note: not all versions are affected by every bug) : - CVE-2007-2583 - CVE-2007-2691 - CVE-2007-2692 - CVE-2007-5925 - CVE-2007-5969 - CVE-2007-6303 - CVE-2007-6304
last seen	2020-06-01
modified	2020-06-02
plugin id	41184
published	2009-09-24
reporter	This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/41184
title	SuSE9 Security Update : MySQL (YOU Patch Number 12044)

NASL family	FreeBSD Local Security Checks
NASL id	FREEBSD_PKG_8C451386DFF311DDA7650030843D3802.NASL
description	MySQL reports : Using RENAME TABLE against a table with explicit DATA DIRECTORY and INDEX DIRECTORY options can be used to overwrite system table information by replacing the symbolic link points. the file to which the symlink points.
last seen	2020-06-01
modified	2020-06-02
plugin id	35339
published	2009-01-12
reporter	This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/35339
title	FreeBSD : mysql -- privilege escalation and overwrite of the system table information (8c451386-dff3-11dd-a765-0030843d3802)

NASL family	Databases
NASL id	MYSQL_ENTERPRISE_5_0_52.NASL
description	The version of MySQL Enterprise Server 5.0 installed on the remote host is earlier than 5.0.52. Such versions reportedly are affected by the following issues : - Using RENAME TABLE against a table with explicit DATA DIRECTORY and INDEX DIRECTORY options can be used to overwrite system table information. (Bug #32111). - ALTER VIEW retained the original DEFINER value, even when altered by another user, which could allow that user to gain the access rights of the view. (Bug #29908) - When using a FEDERATED table, the local server can be forced to crash if the remote server returns a result with fewer columns than expected. (Bug #29801)
last seen	2020-06-01
modified	2020-06-02
plugin id	29346
published	2007-12-13
reporter	This script is Copyright (C) 2007-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/29346
title	MySQL Enterprise Server 5.0 < 5.0.52 Multiple Vulnerabilities

NASL family	Fedora Local Security Checks
NASL id	FEDORA_2007-4471.NASL
description	- Thu Dec 13 2007 Tom Lane <tgl at redhat.com> 5.0.45-6 - Back-port upstream fixes for CVE-2007-5925, CVE-2007-5969, CVE-2007-6303. Related: #422211 - Update License tag to match code. - Sun Jul 22 2007 Tom Lane <tgl at redhat.com> 5.0.45-1 - Update to MySQL 5.0.45 Resolves: #246535 - Move mysql_config
last seen	2020-06-01
modified	2020-06-02
plugin id	29714
published	2007-12-17
reporter	This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/29714
title	Fedora 7 : mysql-5.0.45-6.fc7 (2007-4471)

NASL family	Ubuntu Local Security Checks
NASL id	UBUNTU_USN-559-1.NASL
description	Joe Gallo and Artem Russakovskii discovered that the InnoDB engine in MySQL did not properly perform input validation. An authenticated user could use a crafted CONTAINS statement to cause a denial of service. (CVE-2007-5925) It was discovered that under certain conditions MySQL could be made to overwrite system table information. An authenticated user could use a crafted RENAME statement to escalate privileges. (CVE-2007-5969) Philip Stoev discovered that the the federated engine of MySQL did not properly handle responses with a small number of columns. An authenticated user could use a crafted response to a SHOW TABLE STATUS query and cause a denial of service. (CVE-2007-6304) It was discovered that MySQL did not properly enforce access controls. An authenticated user could use a crafted CREATE TABLE LIKE statement to escalate privileges. (CVE-2007-3781). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	29793
published	2007-12-24
reporter	Ubuntu Security Notice (C) 2007-2019 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/29793
title	Ubuntu 6.06 LTS / 6.10 / 7.04 / 7.10 : mysql-dfsg-5.0 vulnerabilities (USN-559-1)

NASL family	Debian Local Security Checks
NASL id	DEBIAN_DSA-1451.NASL
description	Several local/remote vulnerabilities have been discovered in the MySQL database server. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2007-3781 It was discovered that the privilege validation for the source table of CREATE TABLE LIKE statements was insufficiently enforced, which might lead to information disclosure. This is only exploitable by authenticated users. - CVE-2007-5969 It was discovered that symbolic links were handled insecurely during the creation of tables with DATA DIRECTORY or INDEX DIRECTORY statements, which might lead to denial of service by overwriting data. This is only exploitable by authenticated users. - CVE-2007-6304 It was discovered that queries to data in a FEDERATED table can lead to a crash of the local database server, if the remote server returns information with less columns than expected, resulting in denial of service.
last seen	2020-06-01
modified	2020-06-02
plugin id	29860
published	2008-01-07
reporter	This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/29860
title	Debian DSA-1451-1 : mysql-dfsg-5.0 - several vulnerabilities

NASL family	CentOS Local Security Checks
NASL id	CENTOS_RHSA-2007-1155.NASL
description	Updated mysql packages that fix several security issues are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having important security impact by the Red Hat Security Response Team. MySQL is a multi-user, multi-threaded SQL database server. MySQL is a client/server implementation consisting of a server daemon (mysqld), and many different client programs and libraries. A flaw was found in a way MySQL handled symbolic links when database tables were created with explicit
last seen	2020-06-01
modified	2020-06-02
plugin id	29731
published	2007-12-19
reporter	This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/29731
title	CentOS 4 / 5 : mysql (CESA-2007:1155)

NASL family	Databases
NASL id	MYSQL_5_1_23.NASL
description	The version of MySQL Server installed on the remote host reportedly is affected by the following issues : - It is possible, by creating a partitioned table using the DATA DIRECTORY and INDEX DIRECTORY options, to gain privileges on other tables having the same name as the partitioned table. (Bug #32091) - Using RENAME TABLE against a table with explicit DATA DIRECTORY and INDEX DIRECTORY options can be used to overwrite system table information. (Bug #32111). - ALTER VIEW retains the original DEFINER value, even when altered by another user, which can allow that user to gain the access rights of the view. (Bug #29908) - When using a FEDERATED table, the local server can be forced to crash if the remote server returns a result with fewer columns than expected. (Bug #29801)
last seen	2020-06-01
modified	2020-06-02
plugin id	29345
published	2007-12-13
reporter	This script is Copyright (C) 2007-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/29345
title	MySQL Community Server < 5.1.23 / 6.0.4 Multiple Vulnerabilities

NASL family	SuSE Local Security Checks
NASL id	SUSE_LIBMYSQLCLIENT-DEVEL-4873.NASL
description	This update fixes several security vulnerabilities (note: not all versions are affected by every bug) : - CVE-2007-2583 - CVE-2007-2691 - CVE-2007-2692 - CVE-2007-5925 - CVE-2007-5969 - CVE-2007-6303 - CVE-2007-6304
last seen	2020-06-01
modified	2020-06-02
plugin id	30180
published	2008-02-05
reporter	This script is Copyright (C) 2008-2019 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/30180
title	openSUSE 10 Security Update : libmysqlclient-devel (libmysqlclient-devel-4873)

Oval

accepted

2013-04-29T04:06:16.080-04:00

class

vulnerability

contributors

name Aharon Chernin
organization SCAP.com, LLC
name Dragos Prisaca
organization G2, Inc.

definition_extensions

comment The operating system installed on the system is Red Hat Enterprise Linux 4
oval oval:org.mitre.oval:def:11831
comment CentOS Linux 4.x
oval oval:org.mitre.oval:def:16636
comment Oracle Linux 4.x
oval oval:org.mitre.oval:def:15990
comment The operating system installed on the system is Red Hat Enterprise Linux 5
oval oval:org.mitre.oval:def:11414
comment The operating system installed on the system is CentOS Linux 5.x
oval oval:org.mitre.oval:def:15802
comment Oracle Linux 5.x
oval oval:org.mitre.oval:def:15459

description

family

unix

oval:org.mitre.oval:def:10509

status

accepted

submitted

2010-07-09T03:56:16-04:00

title

version

Redhat

advisories

bugzilla

id	397071
title	CVE-2007-5969 mysql: possible system table information overwrite using symlinks

oval

comment Red Hat Enterprise Linux must be installed
oval oval:com.redhat.rhba:tst:20070304026

AND

comment Red Hat Enterprise Linux 4 is installed
oval oval:com.redhat.rhba:tst:20070304025

AND
comment mysql-server is earlier than 0:4.1.20-3.RHEL4.1.el4_6.1
oval oval:com.redhat.rhsa:tst:20071155001
comment mysql-server is signed with Red Hat master key
oval oval:com.redhat.rhsa:tst:20060544002
AND
comment mysql-bench is earlier than 0:4.1.20-3.RHEL4.1.el4_6.1
oval oval:com.redhat.rhsa:tst:20071155003
comment mysql-bench is signed with Red Hat master key
oval oval:com.redhat.rhsa:tst:20060544008
AND
comment mysql-devel is earlier than 0:4.1.20-3.RHEL4.1.el4_6.1
oval oval:com.redhat.rhsa:tst:20071155005
comment mysql-devel is signed with Red Hat master key
oval oval:com.redhat.rhsa:tst:20060544006
AND
comment mysql is earlier than 0:4.1.20-3.RHEL4.1.el4_6.1
oval oval:com.redhat.rhsa:tst:20071155007
comment mysql is signed with Red Hat master key
oval oval:com.redhat.rhsa:tst:20060544004

AND

comment Red Hat Enterprise Linux 5 is installed
oval oval:com.redhat.rhba:tst:20070331005

AND
comment mysql-test is earlier than 0:5.0.22-2.2.el5_1.1
oval oval:com.redhat.rhsa:tst:20071155010
comment mysql-test is signed with Red Hat redhatrelease key
oval oval:com.redhat.rhsa:tst:20070875011
AND
comment mysql-server is earlier than 0:5.0.22-2.2.el5_1.1
oval oval:com.redhat.rhsa:tst:20071155012
comment mysql-server is signed with Red Hat redhatrelease key
oval oval:com.redhat.rhsa:tst:20070875015
AND
comment mysql-bench is earlier than 0:5.0.22-2.2.el5_1.1
oval oval:com.redhat.rhsa:tst:20071155014
comment mysql-bench is signed with Red Hat redhatrelease key
oval oval:com.redhat.rhsa:tst:20070875017
AND
comment mysql-devel is earlier than 0:5.0.22-2.2.el5_1.1
oval oval:com.redhat.rhsa:tst:20071155016
comment mysql-devel is signed with Red Hat redhatrelease key
oval oval:com.redhat.rhsa:tst:20070875019
AND
comment mysql is earlier than 0:5.0.22-2.2.el5_1.1
oval oval:com.redhat.rhsa:tst:20071155018
comment mysql is signed with Red Hat redhatrelease key
oval oval:com.redhat.rhsa:tst:20070875013

rhsa

id	RHSA-2007:1155
released	2007-12-18
severity	Important
title	RHSA-2007:1155: mysql security update (Important)

rhsa
id RHSA-2007:1157

rpms

mysql-0:4.1.20-3.RHEL4.1.el4_6.1
mysql-0:5.0.22-2.2.el5_1.1
mysql-bench-0:4.1.20-3.RHEL4.1.el4_6.1
mysql-bench-0:5.0.22-2.2.el5_1.1
mysql-debuginfo-0:4.1.20-3.RHEL4.1.el4_6.1
mysql-debuginfo-0:5.0.22-2.2.el5_1.1
mysql-devel-0:4.1.20-3.RHEL4.1.el4_6.1
mysql-devel-0:5.0.22-2.2.el5_1.1
mysql-server-0:4.1.20-3.RHEL4.1.el4_6.1
mysql-server-0:5.0.22-2.2.el5_1.1
mysql-test-0:5.0.22-2.2.el5_1.1
mysql-0:5.0.44-2.el4s1.1
mysql-0:5.0.44-3.el5s2
mysql-bench-0:5.0.44-2.el4s1.1
mysql-bench-0:5.0.44-3.el5s2
mysql-cluster-0:5.0.44-2.el4s1.1
mysql-cluster-0:5.0.44-3.el5s2
mysql-debuginfo-0:5.0.44-2.el4s1.1
mysql-debuginfo-0:5.0.44-3.el5s2
mysql-devel-0:5.0.44-2.el4s1.1
mysql-devel-0:5.0.44-3.el5s2
mysql-libs-0:5.0.44-2.el4s1.1
mysql-libs-0:5.0.44-3.el5s2
mysql-server-0:5.0.44-2.el4s1.1
mysql-server-0:5.0.44-3.el5s2
mysql-test-0:5.0.44-2.el4s1.1
mysql-test-0:5.0.44-3.el5s2

Seebug

bulletinFamily	exploit
description	BUGTRAQ ID: 26765 CVE(CAN) ID: CVE-2007-5969 MySQL是一款使用非常广泛的开放源代码关系数据库系统，拥有各种平台的运行版本。 MySQL在某些配置情况下存在漏洞，本地攻击者可能利用此漏洞修改破坏数据表。如果表格设置了DATA DIRECTORY和INDEX DIRECTORY选项的话，MySQL服务器在使用RENAME TABLE语句重新命名该表格时存在错误，可能允许攻击者通过某些符号链接替换所指向的文件导致覆盖系统表格信息。 MySQL AB MySQL < 5.0.51 目前厂商已经发布了升级补丁以修复这个安全问题，请到厂商的主页下载： <a href=http://dev.mysql.com/get/Downloads/MySQL-5.0/mysql-5.0.51.tar.gz/from/pick target=_blank>http://dev.mysql.com/get/Downloads/MySQL-5.0/mysql-5.0.51.tar.gz/from/pick</a>
id	SSV:2597
last seen	2017-11-19
modified	2007-12-13
published	2007-12-13
reporter	Root
title	MySQL服务器RENAME TABLE系统表格覆盖漏洞

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

Common Attack Pattern Enumeration and Classification (CAPEC)

Nessus

Oval

Redhat

Seebug

References