CVE-2007-3781

Published: 15 July 2007

MySQL Community Server before 5.0.45 does not require privileges such as SELECT for the source table in a CREATE TABLE LIKE statement, which allows remote authenticated users to obtain sensitive information such as the table structure.

Priority

Low

Status

Package Release Status
mysql-dfsg-5.0
Launchpad, Ubuntu, Debian
Upstream
Released (5.0.45)

Notes

AuthorNote
jdstrand
very invasive patch.  Discussed one-time MicroVersionUpdate with
pitti-- too many changes to warrant the update.
apparently Mandriva found a patch for this going back to 5.0.24

References

Bugs