CVE-2007-5969

mysql: possible system table information overwrite using symlinks

Severity Score: 8.8 (CVSS v3)

Public Exploits: 1 (Multiple Sources)
Exploited in Wild: - (KEV)
Decision: - (SSVC)

Descriptions

MySQL Community Server 5.0.x before 5.0.51, Enterprise Server 5.0.x before 5.0.52, Server 5.1.x before 5.1.23, and Server 6.0.x before 6.0.4, when a table relies on symlinks created through explicit DATA DIRECTORY and INDEX DIRECTORY options, allows remote authenticated users to overwrite system table information and gain privileges via a RENAME TABLE statement that changes the symlink to point to an existing file.

*Credits: N/A
CVSS Scores
CVSS v3
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: Low
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality: High
  • Integrity: High
  • Availability: High
CVSS v2
  • Attack Vector: Network
  • Attack Complexity: High
  • Authentication: Single
  • Confidentiality: Complete
  • Integrity: Complete
  • Availability: Complete
* Common Vulnerability Scoring System
SSVC
  • Decision: -
  • Exploitation: -
  • Automatable: -
  • Tech. Impact: -
* Organization's Worst-case Scenario
Timeline
  • 2007-11-14 CVE Reserved
  • 2007-12-10 CVE Published
  • 2024-08-07 CVE Updated
  • 2024-08-07 First Exploit
  • 2025-03-30 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
  • CWE-264: Permissions, Privileges, and Access Controls
References (43)
URL Date SRC
http://lists.mysql.com/announce/495 2024-08-07
http://www.securityfocus.com/bid/31681 2023-11-07
http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html 2023-11-07
http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00003.html 2023-11-07
http://secunia.com/advisories/27981 2023-11-07
http://secunia.com/advisories/28025 2023-11-07
http://secunia.com/advisories/28040 2023-11-07
http://secunia.com/advisories/28063 2023-11-07
http://secunia.com/advisories/28099 2023-11-07
http://secunia.com/advisories/28108 2023-11-07
http://secunia.com/advisories/28128 2023-11-07
http://secunia.com/advisories/28343 2023-11-07
http://secunia.com/advisories/28559 2023-11-07
http://secunia.com/advisories/28838 2023-11-07
http://secunia.com/advisories/29706 2023-11-07
http://secunia.com/advisories/32222 2023-11-07
http://security.gentoo.org/glsa/glsa-200804-04.xml 2023-11-07
http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.428959 2023-11-07
http://www.debian.org/security/2008/dsa-1451 2023-11-07
http://www.mandriva.com/security/advisories?name=MDKSA-2007:243 2023-11-07
http://www.redhat.com/support/errata/RHSA-2007-1155.html 2023-11-07
http://www.redhat.com/support/errata/RHSA-2007-1157.html 2023-11-07
http://www.vupen.com/english/advisories/2007/4142 2023-11-07
http://www.vupen.com/english/advisories/2007/4198 2023-11-07
http://www.vupen.com/english/advisories/2008/0560/references 2023-11-07
http://www.vupen.com/english/advisories/2008/1000/references 2023-11-07
http://www.vupen.com/english/advisories/2008/2780 2023-11-07
https://usn.ubuntu.com/559-1 2023-11-07
https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00467.html 2023-11-07
https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00475.html 2023-11-07
https://access.redhat.com/security/cve/CVE-2007-5969 2007-12-19
https://bugzilla.redhat.com/show_bug.cgi?id=397071 2007-12-19
Affected Vendors, Products, and Versions
Vendor   Product                   Version     Other   Status
Mysql    Mysql Server              5.1.22      -       Affected
Mysql    Mysql Server              6.0         -       Affected
Mysql    Mysql Server              6.0.1       -       Affected
Mysql    Mysql Server              6.0.2       -       Affected
Mysql    Mysql Server              6.0.3       -       Affected
Mysql    Community Server          <= 5.0.50   -       Affected
Mysql    Community Server          5.0.41      -       Affected
Mysql    Community Server          5.0.44      -       Affected
Mysql    Community Server          5.0.45      -       Affected
Mysql    Mysql Enterprise Server   5.0.50      -       Affected