FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

mysql -- privilege escalation and overwrite of the system table information

Affected packages
4.1 <= mysql-server < 4.1.24
5.0 <= mysql-server < 5.0.51
5.1 <= mysql-server < 5.1.23
6.0 <= mysql-server < 6.0.4

Details

VuXML ID 8c451386-dff3-11dd-a765-0030843d3802
Discovery 2007-11-14
Entry 2009-01-11

MySQL reports:

Using RENAME TABLE against a table with explicit DATA DIRECTORY and INDEX DIRECTORY options can be used to overwrite system table information by replacing the symbolic link points. the file to which the symlink points.

[source]

References

Bugtraq ID 26765
CVE Name CVE-2007-5969
URL http://bugs.mysql.com/bug.php?id=32111

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.