Computer Security
[EN] securityvulns.ru no-pyccku


MySQL RENAME privilege escalation
Published:05.07.2007
Source:
SecurityVulns ID:7893
Type:local
Threat Level:
5/10
Description:DROP permission is not checked during RENAME operation.
Affected:MYSQL : MySQL 4.0
 MYSQL : MySQL 4.1
 ORACLE : MySQL 5.0
 ORACLE : MySQL 5.1
CVE:CVE-2007-2691 (MySQL before 4.1.23, 5.0.x before 5.0.42, and 5.1.x before 5.1.18 does not require the DROP privilege for RENAME TABLE statements, which allows remote authenticated users to rename arbitrary tables.)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod