CVE-2007-3781
Published 2007-07-15
Priority: P4 · 15 · medium · 4 · CVSS 2.0
Vector: AV:N/AC:L/Au:S/C:P/I:N/A:N
EPSS: 1.78% (75.5th percentile)
MySQL Community Server before 5.0.45 does not require privileges such as SELECT for the source table in a CREATE TABLE LIKE statement, which allows remote authenticated users to obtain sensitive information such as the table structure.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| mysql | community_server | — | — |
| mysql | community_server | — | — |
CVSS provenance
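| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 4.0 | MEDIUM | AV:N/AC:L/Au:S/C:P/I:N/A:N |
| vendor_redhat | — | 4.0 | MEDIUM | — |
| vendor_ubuntu | — | 4.0 | MEDIUM | — |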
GHSA
GHSA-494v-q3hh-x3w8: MySQL Community Server before 5
ghsa_unreviewed·2022-05-01
Ubuntu
MySQL vulnerabilities
vendor_ubuntu·2007-12-21·CVSS 4.0
Joe Gallo and Artem Russakovskii discovered that the InnoDB
engine in MySQL did not properly perform input validation. An
authenticated user could use a crafted CONTAINS statement to
cause a denial of service. (CVE-2007-5925)
It was discovered that under certain conditions MySQL could be
made to overwrite system table information. An authenticated
user could use a crafted RENAME statement to escalate privileges.
(CVE-2007-5969)
Philip Stoev discovered that the federated engine of MySQL
did not properly handle responses with a small number of columns.
An authenticated user could use a crafted response to a SHOW
TABLE STATUS query and cause a denial of service. (CVE-2007-6304)
It was discovered that MySQL did not properly e
Red Hat
New release of MySQL fixes security bugs
vendor_redhat·2007-07-04·CVSS 4.0
Statement: Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=248553
The Red Hat Product Security has rated this issue as having low security impact; a future update may address this flaw.
No detection rules found.
No public exploits indexed.
References
http://bugs.mysql.com/bug.php?id=25578
http://dev.mysql.com/doc/refman/5.0/en/releasenotes-cs-5-0-45.html
http://lists.mysql.com/announce/470
http://osvdb.org/37783
http://secunia.com/advisories/25301
http://secunia.com/advisories/26073
http://secunia.com/advisories/26430
http://secunia.com/advisories/26498
http://secunia.com/advisories/26987
http://secunia.com/advisories/28040
http://secunia.com/advisories/28108
http://secunia.com/advisories/28128
http://secunia.com/advisories/28343
http://secunia.com/advisories/30351
http://security.gentoo.org/glsa/glsa-200708-10.xml
http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.428959
http://www.debian.org/security/2008/dsa-1451
http://www.mandriva.com/security/advisories?name=MDKSA-2007:243
http://www.redhat.com/support/errata/RHSA-2007-0894.html
http://www.redhat.com/support/errata/RHSA-2008-0364.html
http://www.securityfocus.com/archive/1/473874/100/0/threaded
http://www.securityfocus.com/bid/25017
https://issues.rpath.com/browse/RPL-1536
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9195
https://usn.ubuntu.com/559-1/