CVE-2007-5969

MySQL Community Server 5.0.x before 5.0.51, Enterprise Server 5.0.x before 5.0.52, Server 5.1.x before 5.1.23, and Server 6.0.x before 6.0.4, when a table relies on symlinks created through explicit DATA DIRECTORY and INDEX DIRECTORY options, allows remote authenticated users to overwrite system table information and gain privileges via a RENAME TABLE statement that changes the symlink to point to an existing file.

Published: Dec 10, 2007
Updated: Apr 13, 2023
CVE: CVE-2007-5969
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 7.1
AV:N/AC:H/Au:S/C:C/I:C/A:C

CWEs:

CWE-264

Affected Software
References

Software	From	Fixed in
mysql / mysql_server	6.0	6.0.x
mysql / mysql_server	6.0.3	6.0.3.x
mysql / mysql_server	6.0.1	6.0.1.x
mysql / mysql_server	5.1.22	5.1.22.x
mysql / mysql_server	6.0.2	6.0.2.x
mysql / community_server	5.0.45	5.0.45.x
mysql / community_server	5.0.41	5.0.41.x
mysql / community_server	5.0.44	5.0.44.x
mysql / community_server	-	5.0.50.x
mysql / mysql_enterprise_server	5.0.50	5.0.50.x

Vulnerability Database

289,599

CVE-2007-5969