CVE-2007-5969 — Mysql Community Server vulnerability

CWE-2646 documents6 sources

Severity

7.1HIGHNVD

EPSS

1.8%

top 17.13%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mysql Community Server Mysql Enterprise Server Mysql Server

Timeline

PublishedDec 10

Latest updateMay 1

Description

MySQL Community Server 5.0.x before 5.0.51, Enterprise Server 5.0.x before 5.0.52, Server 5.1.x before 5.1.23, and Server 6.0.x before 6.0.4, when a table relies on symlinks created through explicit DATA DIRECTORY and INDEX DIRECTORY options, allows remote authenticated users to overwrite system table information and gain privileges via a RENAME TABLE statement that changes the symlink to point to an existing file.

CVSS vector

AV:N/AC:H/C:C/I:C/A:CExploitability: 3.9 | Impact: 10.0

Affected Packages3 packages

▶NVDmysql/community_server5.0.50+3

▶NVDmysql/mysql_enterprise_server5.0.50

▶NVDmysql/mysql_server5 versions+4

Patches

Patch: www.securityfocus.com ↗Patch: www.securityfocus.com ↗

🔴Vulnerability Details

GHSA

GHSA-34f4-qcwh-g2jj: MySQL Community Server 5↗2022-05-01

▶

CVEList

CVE-2007-5969: MySQL Community Server 5↗2007-12-10

▶

📋Vendor Advisories

Ubuntu

MySQL vulnerabilities↗2007-12-21

▶

Red Hat

mysql: possible system table information overwrite using symlinks↗2007-11-15

▶

💬Community

Bugzilla

CVE-2007-5969 mysql: possible system table information overwrite using symlinks↗2007-11-23

▶