CVE-2007-3781

Related Files

Debian Linux Security Advisory 1451-1

Posted Jan 7, 2008

Authored by Debian | Site debian.org

Debian Security Advisory 1451-1 - Several local/remote vulnerabilities have been discovered in the MySQL database server.

tags | advisory, remote, local, vulnerability

systems | linux, debian

advisories | CVE-2007-3781, CVE-2007-5969, CVE-2007-6304

SHA-256 | d0df878de1d3f06dd589a99a8affc1619745e69012af21568034eb25d1cc85f0

Download | Favorite | View

Ubuntu Security Notice 559-1

Posted Dec 24, 2007

Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 559-1 - Joe Gallo and Artem Russakovskii discovered that the InnoDB engine in MySQL did not properly perform input validation. An authenticated user could use a crafted CONTAINS statement to cause a denial of service. It was discovered that under certain conditions MySQL could be made to overwrite system table information. An authenticated user could use a crafted RENAME statement to escalate privileges. Philip Stoev discovered that the the federated engine of MySQL did not properly handle responses with a small number of columns. An authenticated user could use a crafted response to a SHOW TABLE STATUS query and cause a denial of service. It was discovered that MySQL did not properly enforce access controls. An authenticated user could use a crafted CREATE TABLE LIKE statement to escalate privileges.

tags | advisory, denial of service

systems | linux, ubuntu

advisories | CVE-2007-3781, CVE-2007-5969, CVE-2007-5925, CVE-2007-6304

SHA-256 | ae30abbfc510aa1b5374607d3162c2ecded4d5bf712509d32e195be3b8105269

Download | Favorite | View

Mandriva Linux Security Advisory 2007.243

Posted Dec 11, 2007

Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - A vulnerability in MySQL prior to 5.0.45 did not require privileges such as SELECT for the source table in a CREATE TABLE LIKE statement, allowing remote authenticated users to obtain sensitive information such as the table structure. A vulnerability in the InnoDB engine in MySQL allowed remote authenticated users to cause a denial of service (database crash) via certain CONTAINS operations on an indexed column, which triggered an assertion error. Using RENAME TABLE against a table with explicit DATA DIRECTORY and INDEX DIRECTORY options could be used to overwrite system table information by replacing the file to which a symlink pointed to.

tags | advisory, remote, denial of service

systems | linux, mandriva

advisories | CVE-2007-5925, CVE-2007-5969, CVE-2007-3781

SHA-256 | 4786ea98c0b6ab4c13f9ed6e23041aa58e952b5a5219846b12a6b0c4d8df2b83

Download | Favorite | View

Gentoo Linux Security Advisory 200708-10

Posted Aug 17, 2007

Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200708-10 - Dormando reported a vulnerability within the handling of password packets in the connection protocol. Andrei Elkin also found that the CREATE TABLE LIKE command didn't require SELECT privileges on the source table. Versions less than 5.0.44 are affected.

tags | advisory, protocol

systems | linux, gentoo

advisories | CVE-2007-3780, CVE-2007-3781

SHA-256 | 39e9b5dcb8341de0eef94ba1c55dcfed5cfb6abfd1c5592e1d020349a61457d8

Download | Favorite | View