Launchpad.net

CVE 2007-5969

MySQL Community Server 5.0.x before 5.0.51, Enterprise Server 5.0.x before 5.0.52, Server 5.1.x before 5.1.23, and Server 6.0.x before 6.0.4, when a table relies on symlinks created through explicit DATA DIRECTORY and INDEX DIRECTORY options, allows remote authenticated users to overwrite system table information and gain privileges via a RENAME TABLE statement that changes the symlink to point to an existing file.

Related bugs and status

CVE-2007-5969 (Candidate) is related to these bugs:

Bug #172260: [mysql] multiple vulnerabilities

		In	Importance	Status
172260	[mysql] multiple vulnerabilities	mysql-dfsg (Ubuntu)	Unknown	Invalid
172260	[mysql] multiple vulnerabilities	mysql-dfsg-5.0 (tuXlab)	Undecided	Invalid
172260	[mysql] multiple vulnerabilities	mysql-dfsg-4.1 (Ubuntu)	Undecided	Invalid
172260	[mysql] multiple vulnerabilities	mysql-dfsg-5.0 (Ubuntu)	Medium	Fix Released
172260	[mysql] multiple vulnerabilities	mysql-dfsg-5.1 (Ubuntu)	Undecided	Invalid
172260	[mysql] multiple vulnerabilities	mysql-dfsg (Ubuntu Dapper)	Undecided	Invalid
172260	[mysql] multiple vulnerabilities	mysql-dfsg-4.1 (Ubuntu Dapper)	Undecided	Invalid
172260	[mysql] multiple vulnerabilities	mysql-dfsg-5.0 (Ubuntu Dapper)	Medium	Fix Released
172260	[mysql] multiple vulnerabilities	mysql-dfsg-5.1 (Ubuntu Dapper)	Undecided	Invalid
172260	[mysql] multiple vulnerabilities	mysql-dfsg (Ubuntu Edgy)	Undecided	Won't Fix
172260	[mysql] multiple vulnerabilities	mysql-dfsg-4.1 (Ubuntu Edgy)	Undecided	Won't Fix
172260	[mysql] multiple vulnerabilities	mysql-dfsg-5.0 (Ubuntu Edgy)	Medium	Fix Released
172260	[mysql] multiple vulnerabilities	mysql-dfsg-5.1 (Ubuntu Edgy)	Undecided	Invalid
172260	[mysql] multiple vulnerabilities	mysql-dfsg (Ubuntu Feisty)	Undecided	Invalid
172260	[mysql] multiple vulnerabilities	mysql-dfsg-4.1 (Ubuntu Feisty)	Undecided	Invalid
172260	[mysql] multiple vulnerabilities	mysql-dfsg-5.0 (Ubuntu Feisty)	Medium	Fix Released
172260	[mysql] multiple vulnerabilities	mysql-dfsg-5.1 (Ubuntu Feisty)	Undecided	Invalid
172260	[mysql] multiple vulnerabilities	mysql-dfsg (Ubuntu Gutsy)	Undecided	Invalid
172260	[mysql] multiple vulnerabilities	mysql-dfsg-4.1 (Ubuntu Gutsy)	Undecided	Invalid
172260	[mysql] multiple vulnerabilities	mysql-dfsg-5.0 (Ubuntu Gutsy)	Medium	Fix Released
172260	[mysql] multiple vulnerabilities	mysql-dfsg-5.1 (Ubuntu Gutsy)	Undecided	Invalid
172260	[mysql] multiple vulnerabilities	mysql-dfsg (Ubuntu Hardy)	Unknown	Invalid
172260	[mysql] multiple vulnerabilities	mysql-dfsg-4.1 (Ubuntu Hardy)	Undecided	Invalid
172260	[mysql] multiple vulnerabilities	mysql-dfsg-5.0 (Ubuntu Hardy)	Medium	Fix Released
172260	[mysql] multiple vulnerabilities	mysql-dfsg-5.1 (Ubuntu Hardy)	Undecided	Invalid

See the

CVE page on Mitre.org for more details.

References

MLIST: [Announcements] 200712...
CONFIRM: http://bugs.mysql.com/...
CONFIRM: http://dev.mysql.com/d...
CONFIRM: http://dev.mysql.com/d...
CONFIRM: http://forums.mysql.co...
BID: 26765
SECTRACK: 1019060
SECUNIA: 27981
MANDRIVA: MDKSA-2007:243
SECUNIA: 28040
SECUNIA: 28063
FEDORA: FEDORA-2007-4465
FEDORA: FEDORA-2007-4471
REDHAT: RHSA-2007:1155
REDHAT: RHSA-2007:1157
SECUNIA: 28025
SECUNIA: 28108
SECUNIA: 28099
SECUNIA: 28128
DEBIAN: DSA-1451
SECUNIA: 28343
CONFIRM: https://issues.rpath.c...
SECUNIA: 28559
SUSE: SUSE-SR:2008:003
SECUNIA: 28838
CONFIRM: http://dev.mysql.com/d...
GENTOO: GLSA-200804-04
SECUNIA: 29706
APPLE: APPLE-SA-2008-10-09
BID: 31681
CONFIRM: http://support.apple.c...
SECUNIA: 32222
VUPEN: ADV-2007-4142
VUPEN: ADV-2007-4198
VUPEN: ADV-2008-0560
VUPEN: ADV-2008-1000
VUPEN: ADV-2008-2780
SLACKWARE: SSA:2007-348-01
OVAL: oval:org.mitre.oval:de...
UBUNTU: USN-559-1
BUGTRAQ: 20080117 rPSA-2008-001...