CVE-2007-2691

NameCVE-2007-2691
DescriptionMySQL before 4.1.23, 5.0.x before 5.0.42, and 5.1.x before 5.1.18 does not require the DROP privilege for RENAME TABLE statements, which allows remote authenticated users to rename arbitrary tables.
SourceCVE (at NVD; oss-sec, fulldisc, OSVDB, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SuSE, Mageia, more)
ReferencesDSA-1413-1
NVD severitymedium (attack range: remote)
Debian Bugs424778, 424830
Debian/oldstablenot known to be vulnerable.
Debian/stablenot known to be vulnerable.
Debian/testingnot known to be vulnerable.
Debian/unstablenot known to be vulnerable.

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
mysql-dfsgsourcesarge4.0.24-10sarge3mediumDSA-1413-1
mysql-dfsg-4.1sourcesarge4.1.11a-4sarge8mediumDSA-1413-1
mysql-dfsg-5.0source(unstable)5.0.41a-1medium424778, 424830
mysql-dfsg-5.0sourceetch5.0.32-7etch3mediumDSA-1413-1

Search for package or bug name: Reporting problems