CVE-2007-5970
NONEMySQL 5.1.x before 5.1.23 and 6.0.x before 6.0.4 allows remote authenticated users to gain privileges on arbitrary tables via unspecified vectors involving use of table-level DATA DIRECTORY and INDEX
Publicado: 12/10/2007Actualizado: 4/9/2025
Descripción
MySQL 5.1.x before 5.1.23 and 6.0.x before 6.0.4 allows remote authenticated users to gain privileges on arbitrary tables via unspecified vectors involving use of table-level DATA DIRECTORY and INDEX DIRECTORY options when creating a partitioned table with the same name as a table on which the user lacks privileges.
Análisis IAImpulsado por IA
Productos Afectados
oraclemysql
5.1.1
oraclemysql
5.1.2
oraclemysql
5.1.10
oraclemysql
5.1.11
oraclemysql
5.1.12
oraclemysql
5.1.13
oraclemysql
5.1.14
oraclemysql
5.1.15
oraclemysql
5.1.16
oraclemysql
5.1.17
oraclemysql
6.0.0
oraclemysql
6.0.1
oraclemysql
6.0.2
oraclemysql
6.0.3
oraclemysql
6.0.4
Referencias
- http://bugs.mysql.com/bug.php?id=32091
- http://dev.mysql.com/doc/refman/5.1/en/news-5-1-23.html
- http://dev.mysql.com/doc/refman/6.0/en/news-6-0-4.html
- http://osvdb.org/42607
- http://securitytracker.com/id?1019084
- http://www.vupen.com/english/advisories/2008/0560/references
- https://exchange.xforce.ibmcloud.com/vulnerabilities/38988
- http://bugs.mysql.com/bug.php?id=32091
- http://dev.mysql.com/doc/refman/5.1/en/news-5-1-23.html
- http://dev.mysql.com/doc/refman/6.0/en/news-6-0-4.html
- http://osvdb.org/42607
- http://securitytracker.com/id?1019084
- http://www.vupen.com/english/advisories/2008/0560/references
- https://exchange.xforce.ibmcloud.com/vulnerabilities/38988