CVE-2007-2691

Name	CVE-2007-2691
Description	MySQL before 4.1.23, 5.0.x before 5.0.42, and 5.1.x before 5.1.18 does not require the DROP privilege for RENAME TABLE statements, which allows remote authenticated users to rename arbitrary tables.
Source	CVE (at NVD; CERT, ENISA, LWN, oss-sec, fulldisc, Debian ELTS, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
References	DSA-1413-1
Debian Bugs	424778, 424830

The information below is based on the following data on fixed versions.

Package	Type	Release	Fixed Version	Origin	Debian Bugs
mysql-dfsg	source	sarge	4.0.24-10sarge3	DSA-1413-1
mysql-dfsg-4.1	source	sarge	4.1.11a-4sarge8	DSA-1413-1
mysql-dfsg-5.0	source	etch	5.0.32-7etch3	DSA-1413-1
mysql-dfsg-5.0	source	(unstable)	5.0.41a-1		424778, 424830