CVE-2007-2691
Severity: Unknown | EPSS: 2.85%
Last modified
CVE-2007-2691 is a vulnerability of currently unknown severity. MySQL before 4.1.23, 5.0.x before 5.0.42, and 5.1.x before 5.1.18 does not require the DROP privilege for RENAME TABLE statements, which allows remote authenticated users to rename arbitrary tables. EPSS estimates a 2.85% chance of exploitation in the next 30 days.
Description
MySQL before 4.1.23, 5.0.x before 5.0.42, and 5.1.x before 5.1.18 does not require the DROP privilege for RENAME TABLE statements, which allows remote authenticated users to rename arbitrary tables.
Metrics
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| MySQL | MySQL | <= 4.1.22 |
| MySQL | MySQL | >= 5.0, < 5.0.42 |
| MySQL | MySQL | >= 5.1, < 5.1.18 |
| Debian | Debian Linux | 3.1 |
| Debian | Debian Linux | 4.0 |
| Canonical | Ubuntu Linux | 6.06 |
| Canonical | Ubuntu Linux | 6.10 |
| Canonical | Ubuntu Linux | 7.04 |
References
- http://bugs.mysql.com/bug.php?id=27515 (Vendor Advisory)
- http://dev.mysql.com/doc/refman/5.1/en/news-5-1-18.html (Patch, Vendor Advisory)
- http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html (Mailing List, Third Party Advisory)
- http://lists.mysql.com/announce/470 (Vendor Advisory)
- http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00003.html (Third Party Advisory)
- http://osvdb.org/34766 (Broken Link)
- http://secunia.com/advisories/25301 (Third Party Advisory)
- http://secunia.com/advisories/25946 (Third Party Advisory)
- http://secunia.com/advisories/26073 (Third Party Advisory)
- http://secunia.com/advisories/26430 (Third Party Advisory)
- http://secunia.com/advisories/27155 (Third Party Advisory)
- http://secunia.com/advisories/27823 (Third Party Advisory)
- http://secunia.com/advisories/28838 (Third Party Advisory)
- http://secunia.com/advisories/30351 (Third Party Advisory)
- http://secunia.com/advisories/31226 (Third Party Advisory)
- http://secunia.com/advisories/32222 (Third Party Advisory)
- http://support.apple.com/kb/HT3216 (Third Party Advisory)
- http://www.debian.org/security/2007/dsa-1413 (Third Party Advisory)
- http://www.mandriva.com/security/advisories?name=MDKSA-2007:139 (Third Party Advisory)
- http://www.redhat.com/support/errata/RHSA-2007-0894.html (Third Party Advisory)
- http://www.redhat.com/support/errata/RHSA-2008-0364.html (Third Party Advisory)
- http://www.redhat.com/support/errata/RHSA-2008-0768.html (Third Party Advisory)
- http://www.securityfocus.com/archive/1/473874/100/0/threaded (Third Party Advisory, VDB Entry)
- http://www.securityfocus.com/bid/24016 (Third Party Advisory, VDB Entry)
- http://www.securityfocus.com/bid/31681 (Third Party Advisory, VDB Entry)
- http://www.securitytracker.com/id?1018069 (Third Party Advisory, VDB Entry)
- http://www.vupen.com/english/advisories/2007/1804 (Third Party Advisory)
- http://www.vupen.com/english/advisories/2008/2780 (Third Party Advisory)
- https://exchange.xforce.ibmcloud.com/vulnerabilities/34347 (Third Party Advisory, VDB Entry)
- https://issues.rpath.com/browse/RPL-1536 (Broken Link)
- https://usn.ubuntu.com/528-1/ (Third Party Advisory)
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2007-2691?
MySQL before 4.1.23, 5.0.x before 5.0.42, and 5.1.x before 5.1.18 does not require the DROP privilege for RENAME TABLE statements, which allows remote authenticated users to rename arbitrary tables.
How severe is CVE-2007-2691?
Severity scoring for CVE-2007-2691 is pending analysis. The EPSS model estimates a 2.85% probability of exploitation in the next 30 days.
How do I fix CVE-2007-2691?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.
Source: NVD / NIST
