First published: Wed May 16 2007(Updated: )
MySQL before 4.1.23, 5.0.x before 5.0.42, and 5.1.x before 5.1.18 does not require the DROP privilege for RENAME TABLE statements, which allows remote authenticated users to rename arbitrary tables.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
MySQL MySQL | <=4.1.22 | |
MySQL MySQL | >=5.0<5.0.42 | |
MySQL MySQL | >=5.1<5.1.18 | |
Debian Debian Linux | =3.1 | |
Debian Debian Linux | =4.0 | |
Canonical Ubuntu Linux | =6.06 | |
Canonical Ubuntu Linux | =7.04 | |
Canonical Ubuntu Linux | =6.10 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.