CVE-2007-2691

Published: 16 May 2007

MySQL before 4.1.23, 5.0.x before 5.0.42, and 5.1.x before 5.1.18 does not require the DROP privilege for RENAME TABLE statements, which allows remote authenticated users to rename arbitrary tables.

Priority

Medium

Status

Package Release Status
mysql-dfsg-5.0
Launchpad, Ubuntu, Debian
Upstream
Released (5.0.42, 5.1.18)