CVE-2007-5969

Publication date 10 December 2007

Last updated 24 July 2024

Ubuntu priority

MySQL Community Server 5.0.x before 5.0.51, Enterprise Server 5.0.x before 5.0.52, Server 5.1.x before 5.1.23, and Server 6.0.x before 6.0.4, when a table relies on symlinks created through explicit DATA DIRECTORY and INDEX DIRECTORY options, allows remote authenticated users to overwrite system table information and gain privileges via a RENAME TABLE statement that changes the symlink to point to an existing file.

Status

Show unmaintained releases

No maintained releases are affected by this CVE.

Package	Ubuntu Release	Status
mysql-dfsg-5.0	7.10 gutsy	Fixed 5.0.45-1ubuntu3.1
	7.04 feisty	Fixed 5.0.38-0ubuntu1.2
	6.10 edgy	Fixed 5.0.24a-9ubuntu2.2
	6.06 LTS dapper	Fixed 5.0.22-0ubuntu6.06.6

How can I get the fixes?
What do statuses mean?

References

MITRE
NVD
Launchpad
Debian

Related Ubuntu Security Notices (USN)

USN-559-1
MySQL vulnerabilities
21 December 2007

Other references

https://rhn.redhat.com/errata/RHSA-2007-1155.html
https://www.cve.org/CVERecord?id=CVE-2007-5969