CVE-2007-5970
Published Dec 10, 2007
Last updated 5 years ago
Overview
- Description
- MySQL 5.1.x before 5.1.23 and 6.0.x before 6.0.4 allows remote authenticated users to gain privileges on arbitrary tables via unspecified vectors involving use of table-level DATA DIRECTORY and INDEX DIRECTORY options when creating a partitioned table with the same name as a table on which the user lacks privileges.
- Source
- cve@mitre.org
- NVD status
- Modified
Risk scores
CVSS 2.0
- Type
- Primary
- Base score
- 5.8
- Impact score
- 4.9
- Exploitability score
- 8.6
- Vector string
- AV:N/AC:M/Au:N/C:P/I:P/A:N
Weaknesses
- nvd@nist.gov
- NVD-CWE-Other
Social media
- Hype score
- Not currently trending
Vendor comments
- Red HatNot vulnerable. This issue did not affect the mysql packages as shipped in Red Hat Enterprise Linux 2.1, 3, 4, 5, Red Hat Application Stack v1, and v2, as the versions shipped do not support table partitioning. The partitioning feature was introduced in development MySQL version 5.1.
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:mysql:5.1.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "73F49A1D-BCA3-4772-8AB3-621CCC997B3A"
},
{
"criteria": "cpe:2.3:a:oracle:mysql:5.1.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "F719DD8E-8379-43C3-97F9-DE350E457F7F"
},
{
"criteria": "cpe:2.3:a:oracle:mysql:5.1.10:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "6341F695-6034-4CC1-9485-ACD3A0E1A079"
},
{
"criteria": "cpe:2.3:a:oracle:mysql:5.1.11:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "D1DF5F19-ECD9-457F-89C6-6F0271CF4766"
},
{
"criteria": "cpe:2.3:a:oracle:mysql:5.1.12:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "446DB5E9-EF4C-4A53-911E-91A802AECA5D"
},
{
"criteria": "cpe:2.3:a:oracle:mysql:5.1.13:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "5829BE6A-BC58-482B-9DA1-04FDD413A7A9"
},
{
"criteria": "cpe:2.3:a:oracle:mysql:5.1.14:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "C85D20DF-702B-4F0B-922D-782474A4B663"
},
{
"criteria": "cpe:2.3:a:oracle:mysql:5.1.15:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "73A09785-3CA4-4797-A836-A958DCDC322F"
},
{
"criteria": "cpe:2.3:a:oracle:mysql:5.1.16:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "C4DE3D79-0966-4E14-9288-7C269A2CEEC3"
},
{
"criteria": "cpe:2.3:a:oracle:mysql:5.1.17:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "564F6A24-BEB3-4420-A633-8AD54C292436"
},
{
"criteria": "cpe:2.3:a:oracle:mysql:6.0.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "F48E7355-2D9A-454D-AE66-B0AE015E31A6"
},
{
"criteria": "cpe:2.3:a:oracle:mysql:6.0.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "E51BF67A-BAEC-48F8-9290-67C6C5B8442E"
},
{
"criteria": "cpe:2.3:a:oracle:mysql:6.0.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "1F5C6A2F-DEAE-470D-8888-0E9076CCA0B6"
},
{
"criteria": "cpe:2.3:a:oracle:mysql:6.0.3:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "1C09231E-8759-4DFB-AA8D-17A1C6D43AC1"
},
{
"criteria": "cpe:2.3:a:oracle:mysql:6.0.4:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "81592813-78D9-4366-AD2E-94677D93F599"
}
],
"operator": "OR"
}
]
}
]