Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2007-2691

MySQL before 4.1.23, 5.0.x before 5.0.42, and 5.1.x before 5.1.18 does not require the DROP privilege for RENAME TABLE statements, which allows remote authenticated users to rename arbitrary tables.

Published

2007-05-16T01:19:00.000

Last Modified

2025-04-09T00:30:58.490

Status

Deferred

Source

[email protected]

Severity

CVSSv2: 4.9 (MEDIUM)

CVSSv2 Vector

AV:N/AC:M/Au:S/C:N/I:P/A:P

Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: SINGLE
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: PARTIAL

Exploitability Score

6.8

Impact Score

4.9

Weaknesses

Type: Primary
NVD-CWE-Other

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	mysql	mysql	≤ 4.1.22	Yes
Application	mysql	mysql	< 5.0.42	Yes
Application	mysql	mysql	< 5.1.18	Yes
Operating System	debian	debian_linux	3.1	Yes
Operating System	debian	debian_linux	4.0	Yes
Operating System	canonical	ubuntu_linux	6.06	Yes
Operating System	canonical	ubuntu_linux	6.10	Yes
Operating System	canonical	ubuntu_linux	7.04	Yes

References

http://bugs.mysql.com/bug.php?id=27515 Vendor Advisory ([email protected])
http://dev.mysql.com/doc/refman/5.1/en/news-5-1-18.html Patch, Vendor Advisory ([email protected])
http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html Mailing List, Third Party Advisory ([email protected])
http://lists.mysql.com/announce/470 Vendor Advisory ([email protected])
http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00003.html Third Party Advisory ([email protected])
http://osvdb.org/34766 Broken Link ([email protected])
http://secunia.com/advisories/25301 Third Party Advisory ([email protected])
http://secunia.com/advisories/25946 Third Party Advisory ([email protected])
http://secunia.com/advisories/26073 Third Party Advisory ([email protected])
http://secunia.com/advisories/26430 Third Party Advisory ([email protected])
http://secunia.com/advisories/27155 Third Party Advisory ([email protected])
http://secunia.com/advisories/27823 Third Party Advisory ([email protected])
http://secunia.com/advisories/28838 Third Party Advisory ([email protected])
http://secunia.com/advisories/30351 Third Party Advisory ([email protected])
http://secunia.com/advisories/31226 Third Party Advisory ([email protected])
http://secunia.com/advisories/32222 Third Party Advisory ([email protected])
http://support.apple.com/kb/HT3216 Third Party Advisory ([email protected])
http://www.debian.org/security/2007/dsa-1413 Third Party Advisory ([email protected])
http://www.mandriva.com/security/advisories?name=MDKSA-2007:139 Third Party Advisory ([email protected])
http://www.redhat.com/support/errata/RHSA-2007-0894.html Third Party Advisory ([email protected])
http://www.redhat.com/support/errata/RHSA-2008-0364.html Third Party Advisory ([email protected])
http://www.redhat.com/support/errata/RHSA-2008-0768.html Third Party Advisory ([email protected])
http://www.securityfocus.com/archive/1/473874/100/0/threaded Third Party Advisory, VDB Entry ([email protected])
http://www.securityfocus.com/bid/24016 Third Party Advisory, VDB Entry ([email protected])
http://www.securityfocus.com/bid/31681 Third Party Advisory, VDB Entry ([email protected])
http://www.securitytracker.com/id?1018069 Third Party Advisory, VDB Entry ([email protected])
http://www.vupen.com/english/advisories/2007/1804 Third Party Advisory ([email protected])
http://www.vupen.com/english/advisories/2008/2780 Third Party Advisory ([email protected])
https://exchange.xforce.ibmcloud.com/vulnerabilities/34347 Third Party Advisory, VDB Entry ([email protected])
https://issues.rpath.com/browse/RPL-1536 Broken Link ([email protected])
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9559 Third Party Advisory ([email protected])
https://usn.ubuntu.com/528-1/ Third Party Advisory ([email protected])
http://bugs.mysql.com/bug.php?id=27515 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://dev.mysql.com/doc/refman/5.1/en/news-5-1-18.html Patch, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://lists.mysql.com/announce/470 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00003.html Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://osvdb.org/34766 Broken Link (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/25301 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/25946 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/26073 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/26430 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/27155 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/27823 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/28838 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/30351 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/31226 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/32222 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://support.apple.com/kb/HT3216 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.debian.org/security/2007/dsa-1413 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.mandriva.com/security/advisories?name=MDKSA-2007:139 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.redhat.com/support/errata/RHSA-2007-0894.html Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.redhat.com/support/errata/RHSA-2008-0364.html Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.redhat.com/support/errata/RHSA-2008-0768.html Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/archive/1/473874/100/0/threaded Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/24016 Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/31681 Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
http://www.securitytracker.com/id?1018069 Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
http://www.vupen.com/english/advisories/2007/1804 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.vupen.com/english/advisories/2008/2780 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://exchange.xforce.ibmcloud.com/vulnerabilities/34347 Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
https://issues.rpath.com/browse/RPL-1536 Broken Link (af854a3a-2127-422b-91ae-364da2661108)
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9559 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://usn.ubuntu.com/528-1/ Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)