CVE-2007-5970

Publication date 10 December 2007

Last updated 24 July 2024


Ubuntu priority

MySQL 5.1.x before 5.1.23 and 6.0.x before 6.0.4 allows remote authenticated users to gain privileges on arbitrary tables via unspecified vectors involving use of table-level DATA DIRECTORY and INDEX DIRECTORY options when creating a partitioned table with the same name as a table on which the user lacks privileges.

Read the notes from the security team

Status

Package Ubuntu Release Status
mysql-dfsg-5.0 7.10 gutsy
Not affected
7.04 feisty
Not affected
6.10 edgy
Not affected
6.06 LTS dapper
Not affected

Notes


jdstrand

check if it also applies to mysql 5.0 5.1 and 6.0 only according to upstream release notes (the bug is private, so can't see it)