CVE-2007-6313 - Permissions, Privileges, and Access Control vulnerability in Mysql Community Server

Publication

2008-02-18

Last modification

2011-03-08

Summary

MySQL Server 5.1.x before 5.1.23 and 6.0.x before 6.0.4 does not check the rights of the entity executing BINLOG, which allows remote authorized users to execute arbitrary BINLOG statements.

Classification

CWE-264 - Permissions, Privileges, and Access Control

Risk level (CVSS AV:N/AC:L/Au:S/C:P/I:P/A:P)

Medium

6.5

Access Vector

  • Network
  • Adjacent Network
  • Local

Access Complexity

  • Low
  • Medium
  • High

Authentication

  • None
  • Single
  • Multiple

Confident. Impact

  • Complete
  • Partial
  • None

Integrity Impact

  • Complete
  • Partial
  • None

Vendor comments

  • Mark J Cox - Red Hat (2008-02-20)
    Not vulnerable. This issue did not affect the versions of MySQL as shipped with Red Hat Enterprise Linux 2.1, 3, 4, or 5.

Affected Products