CVE-2007-5969

Published: Dec 10, 2007Modified: Apr 23, 2026

7.1

Vector

AV:N/AC:H/Au:S/C:C/I:C/A:C

Exploitability: 3.9 / Impact: 10.0

Source: NVD

Description

MySQL Community Server 5.0.x before 5.0.51, Enterprise Server 5.0.x before 5.0.52, Server 5.1.x before 5.1.23, and Server 6.0.x before 6.0.4, when a table relies on symlinks created through explicit DATA DIRECTORY and INDEX DIRECTORY options, allows remote authenticated users to overwrite system table information and gain privileges via a RENAME TABLE statement that changes the symlink to point to an existing file.

Affected (10)

Products: Mysql: Mysql Server, Community Server, Mysql Enterprise Server

Mysql

3 products

Mysql Server

Community Server

Mysql Enterprise Server

Configuration A

5 vulnerable

Vulnerable Software	Affected Versions
Mysql Mysql Server	Version 5.1.22
Mysql Mysql Server	Version 6.0.1
Mysql Mysql Server	Version 6.0.2
Mysql Mysql Server	Version 6.0.3
Mysql Mysql Server	Version 6.0

Configuration B

4 vulnerable

Vulnerable Software	Affected Versions
Mysql Community Server	Up to 5.0.50
Mysql Community Server	Version 5.0.41
Mysql Community Server	Version 5.0.44
Mysql Community Server	Version 5.0.45

Configuration C

1 vulnerable

Vulnerable Software	Affected Versions
Mysql Mysql Enterprise Server	Version 5.0.50

Related CWEs

CWE-264

References (82)

http://bugs.mysql.com/32111

Source: cve@mitre.org

http://dev.mysql.com/doc/refman/4.1/en/news-4-1-24.html

Source: cve@mitre.org

http://dev.mysql.com/doc/refman/5.0/en/releasenotes-cs-5-0-51.html

Source: cve@mitre.org

http://dev.mysql.com/doc/refman/5.0/en/releasenotes-es-5-0-52.html

Source: cve@mitre.org

http://forums.mysql.com/read.php?3%2C186931%2C186931

Source: cve@mitre.org

http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html

Source: cve@mitre.org

http://lists.mysql.com/announce/495

Source: cve@mitre.org

ExploitVendor Advisory

http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00003.html

Source: cve@mitre.org

http://secunia.com/advisories/27981

Source: cve@mitre.org

Vendor Advisory

http://secunia.com/advisories/28025

Source: cve@mitre.org

Vendor Advisory

http://secunia.com/advisories/28040

Source: cve@mitre.org

Vendor Advisory

http://secunia.com/advisories/28063

Source: cve@mitre.org

Vendor Advisory

http://secunia.com/advisories/28099

Source: cve@mitre.org

Vendor Advisory

http://secunia.com/advisories/28108

Source: cve@mitre.org

Vendor Advisory

http://secunia.com/advisories/28128

Source: cve@mitre.org

Vendor Advisory

http://secunia.com/advisories/28343

Source: cve@mitre.org

Vendor Advisory

http://secunia.com/advisories/28559

Source: cve@mitre.org

Vendor Advisory

http://secunia.com/advisories/28838

Source: cve@mitre.org

Vendor Advisory

http://secunia.com/advisories/29706

Source: cve@mitre.org

Vendor Advisory

http://secunia.com/advisories/32222

Source: cve@mitre.org

Vendor Advisory

http://security.gentoo.org/glsa/glsa-200804-04.xml

Source: cve@mitre.org

http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.428959

Source: cve@mitre.org

http://support.apple.com/kb/HT3216

Source: cve@mitre.org

http://www.debian.org/security/2008/dsa-1451

Source: cve@mitre.org

http://www.mandriva.com/security/advisories?name=MDKSA-2007:243

Source: cve@mitre.org

http://www.redhat.com/support/errata/RHSA-2007-1155.html

Source: cve@mitre.org

Vendor Advisory

http://www.redhat.com/support/errata/RHSA-2007-1157.html

Source: cve@mitre.org

Vendor Advisory

http://www.securityfocus.com/archive/1/486477/100/0/threaded

Source: cve@mitre.org

http://www.securityfocus.com/bid/26765

Source: cve@mitre.org

http://www.securityfocus.com/bid/31681

Source: cve@mitre.org

Patch

http://www.securitytracker.com/id?1019060

Source: cve@mitre.org

http://www.vupen.com/english/advisories/2007/4142

Source: cve@mitre.org

Vendor Advisory

http://www.vupen.com/english/advisories/2007/4198

Source: cve@mitre.org

Vendor Advisory

http://www.vupen.com/english/advisories/2008/0560/references

Source: cve@mitre.org

Vendor Advisory

http://www.vupen.com/english/advisories/2008/1000/references

Source: cve@mitre.org

Vendor Advisory

http://www.vupen.com/english/advisories/2008/2780

Source: cve@mitre.org

Vendor Advisory

https://issues.rpath.com/browse/RPL-1999

Source: cve@mitre.org

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10509

Source: cve@mitre.org

https://usn.ubuntu.com/559-1/

Source: cve@mitre.org

https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00467.html

Source: cve@mitre.org

https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00475.html

Source: cve@mitre.org

http://bugs.mysql.com/32111