Launchpad.net

CVE 2007-2691

MySQL before 4.1.23, 5.0.x before 5.0.42, and 5.1.x before 5.1.18 does not require the DROP privilege for RENAME TABLE statements, which allows remote authenticated users to rename arbitrary tables.

Related bugs and status

CVE-2007-2691 (Candidate) is related to these bugs:

Bug #48282: digikam will not start with pictures stored on either an NFS or a CIFS disk

Summary				In	Importance	Status
	48282	digikam will not start with pictures stored on either an NFS or a CIFS disk		digikam (Ubuntu)	Medium	Fix Released
	48282	digikam will not start with pictures stored on either an NFS or a CIFS disk		digiKam	Medium	Invalid

Bug #172260: [mysql] multiple vulnerabilities

		In	Importance	Status
172260	[mysql] multiple vulnerabilities	mysql-dfsg (Ubuntu)	Unknown	Invalid
172260	[mysql] multiple vulnerabilities	mysql-dfsg-5.0 (tuXlab)	Undecided	Invalid
172260	[mysql] multiple vulnerabilities	mysql-dfsg-4.1 (Ubuntu)	Undecided	Invalid
172260	[mysql] multiple vulnerabilities	mysql-dfsg-5.0 (Ubuntu)	Medium	Fix Released
172260	[mysql] multiple vulnerabilities	mysql-dfsg-5.1 (Ubuntu)	Undecided	Invalid
172260	[mysql] multiple vulnerabilities	mysql-dfsg (Ubuntu Dapper)	Undecided	Invalid
172260	[mysql] multiple vulnerabilities	mysql-dfsg-4.1 (Ubuntu Dapper)	Undecided	Invalid
172260	[mysql] multiple vulnerabilities	mysql-dfsg-5.0 (Ubuntu Dapper)	Medium	Fix Released
172260	[mysql] multiple vulnerabilities	mysql-dfsg-5.1 (Ubuntu Dapper)	Undecided	Invalid
172260	[mysql] multiple vulnerabilities	mysql-dfsg (Ubuntu Edgy)	Undecided	Won't Fix
172260	[mysql] multiple vulnerabilities	mysql-dfsg-4.1 (Ubuntu Edgy)	Undecided	Won't Fix
172260	[mysql] multiple vulnerabilities	mysql-dfsg-5.0 (Ubuntu Edgy)	Medium	Fix Released
172260	[mysql] multiple vulnerabilities	mysql-dfsg-5.1 (Ubuntu Edgy)	Undecided	Invalid
172260	[mysql] multiple vulnerabilities	mysql-dfsg (Ubuntu Feisty)	Undecided	Invalid
172260	[mysql] multiple vulnerabilities	mysql-dfsg-4.1 (Ubuntu Feisty)	Undecided	Invalid
172260	[mysql] multiple vulnerabilities	mysql-dfsg-5.0 (Ubuntu Feisty)	Medium	Fix Released
172260	[mysql] multiple vulnerabilities	mysql-dfsg-5.1 (Ubuntu Feisty)	Undecided	Invalid
172260	[mysql] multiple vulnerabilities	mysql-dfsg (Ubuntu Gutsy)	Undecided	Invalid
172260	[mysql] multiple vulnerabilities	mysql-dfsg-4.1 (Ubuntu Gutsy)	Undecided	Invalid
172260	[mysql] multiple vulnerabilities	mysql-dfsg-5.0 (Ubuntu Gutsy)	Medium	Fix Released
172260	[mysql] multiple vulnerabilities	mysql-dfsg-5.1 (Ubuntu Gutsy)	Undecided	Invalid
172260	[mysql] multiple vulnerabilities	mysql-dfsg (Ubuntu Hardy)	Unknown	Invalid
172260	[mysql] multiple vulnerabilities	mysql-dfsg-4.1 (Ubuntu Hardy)	Undecided	Invalid
172260	[mysql] multiple vulnerabilities	mysql-dfsg-5.0 (Ubuntu Hardy)	Medium	Fix Released
172260	[mysql] multiple vulnerabilities	mysql-dfsg-5.1 (Ubuntu Hardy)	Undecided	Invalid

See the

CVE page on Mitre.org for more details.

References

MISC: http://bugs.mysql.com/...
CONFIRM: http://dev.mysql.com/d...
BID: 24016
SECTRACK: 1018069
SECUNIA: 25301
SECUNIA: 25946
SECUNIA: 26073
REDHAT: RHSA-2007:0894
SECUNIA: 27155
MANDRIVA: MDKSA-2007:139
MLIST: [announce] 20070712 My...
CONFIRM: https://issues.rpath.c...
SECUNIA: 26430
DEBIAN: DSA-1413
SECUNIA: 27823
SUSE: SUSE-SR:2008:003
SECUNIA: 28838
SECUNIA: 31226
APPLE: APPLE-SA-2008-10-09
BID: 31681
CONFIRM: http://support.apple.c...
SECUNIA: 32222
REDHAT: RHSA-2008:0768
REDHAT: RHSA-2008:0364
SECUNIA: 30351
VUPEN: ADV-2007-1804
VUPEN: ADV-2008-2780
OSVDB: 34766
XF: mysql-renametable-weak...
OVAL: oval:org.mitre.oval:de...
UBUNTU: USN-528-1
BUGTRAQ: 20070717 rPSA-2007-014...