CVE-2007-5970

MySQL 5.1.x before 5.1.23 and 6.0.x before 6.0.4 allows remote authenticated users to gain privileges on arbitrary tables via unspecified vectors involving use of table-level DATA DIRECTORY and INDEX DIRECTORY options when creating a partitioned table with the same name as a table on which the user lacks privileges.

Published: Dec 10, 2007
Updated: Apr 13, 2023
CVE: CVE-2007-5970
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 5.8
AV:N/AC:M/Au:N/C:P/I:P/A:N

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
oracle / mysql	6.0.0	6.0.0.x
oracle / mysql	6.0.1	6.0.1.x
oracle / mysql	6.0.2	6.0.2.x
oracle / mysql	6.0.3	6.0.3.x
oracle / mysql	6.0.4	6.0.4.x
oracle / mysql	5.1.1	5.1.1.x
oracle / mysql	5.1.2	5.1.2.x
oracle / mysql	5.1.10	5.1.10.x
oracle / mysql	5.1.11	5.1.11.x
oracle / mysql	5.1.12	5.1.12.x
oracle / mysql	5.1.13	5.1.13.x
oracle / mysql	5.1.14	5.1.14.x
oracle / mysql	5.1.15	5.1.15.x
oracle / mysql	5.1.16	5.1.16.x
oracle / mysql	5.1.17	5.1.17.x

http://bugs.mysql.com/bug.php?id=32091
http://dev.mysql.com/doc/refman/5.1/en/news-5-1-23.html
http://dev.mysql.com/doc/refman/6.0/en/news-6-0-4.html
http://osvdb.org/42607
http://securitytracker.com/id?1019084
http://www.vupen.com/english/advisories/2008/0560/references
https://exchange.xforce.ibmcloud.com/vulnerabilities/38988

Vulnerability Database

289,697

CVE-2007-5970