CVE-2007-2691

NameCVE-2007-2691
DescriptionMySQL before 4.1.23, 5.0.x before 5.0.42, and 5.1.x before 5.1.18 does not require the DROP privilege for RENAME TABLE statements, which allows remote authenticated users to rename arbitrary tables.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SuSE, Mageia, GitHub code/issues, web search, more)
ReferencesDSA-1413-1
NVD severitymedium (attack range: remote)
Debian Bugs424778, 424830

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
mysql-dfsgsourcesarge4.0.24-10sarge3mediumDSA-1413-1
mysql-dfsg-4.1sourcesarge4.1.11a-4sarge8mediumDSA-1413-1
mysql-dfsg-5.0source(unstable)5.0.41a-1medium424778, 424830
mysql-dfsg-5.0sourceetch5.0.32-7etch3mediumDSA-1413-1

Search for package or bug name: Reporting problems