Moderate

CVE-2007-6313 - Permissions, Privileges, and Access Control vulnerability in Mysql Community Server

Publication: 2008-02-18
Summary

MySQL Server 5.1.x before 5.1.23 and 6.0.x before 6.0.4 does not check the rights of the entity executing BINLOG, which allows remote authorized users to execute arbitrary BINLOG statements.

Classification
CWE-264: Permissions, Privileges, and Access Control

Risk level (CVSS 6.5)

Moderate

6.5

Access Vector

  • Network
  • Adjacent Network
  • Local

Access Complexity

  • Low
  • Medium
  • High

Authentication

  • None
  • Single
  • Multiple

Confident. Impact

  • Complete
  • Partial
  • None

Integrity Impact

  • Complete
  • Partial
  • None

Affected Products

  • Mysql Mysql Community Server 5.1.1
  • Mysql Mysql Community Server 5.1.2
  • Mysql Mysql Community Server 5.1.3
  • Mysql Mysql Community Server 5.1.4
  • Mysql Mysql Community Server 5.1.5
  • Mysql Mysql Community Server 5.1.6
  • Mysql Mysql Community Server 5.1.7
  • Mysql Mysql Community Server 5.1.8
  • Mysql Mysql Community Server 5.1.9
  • Mysql Mysql Community Server 5.1.10
  • Mysql Mysql Community Server 5.1.11
  • Mysql Mysql Community Server 5.1.12
  • Mysql Mysql Community Server 5.1.13
  • Mysql Mysql Community Server 5.1.14
  • Mysql Mysql Community Server 5.1.15
  • Mysql Mysql Community Server 5.1.16
  • Mysql Mysql Community Server 5.1.17
  • Mysql Mysql Community Server 5.1.18
  • Mysql Mysql Community Server 5.1.19
  • Mysql Mysql Community Server 5.1.20
  • Mysql Mysql Community Server 5.1.21
  • Mysql Mysql Community Server 5.1.22
  • Mysql Mysql Community Server 6.0.0
  • Mysql Mysql Community Server 6.0.1
  • Mysql Mysql Community Server 6.0.2
  • Mysql Mysql Community Server 6.0.3