Vulnerability CVE-2007-2691 - CERT Civis.Net

Vulnerability Name:

CVE-2007-2691 (CCN-34347)

Assigned:

2007-05-16

Published:

2007-05-16

Updated:

2018-10-19

Summary:

MySQL before 4.1.23, 5.0.x before 5.0.42, and 5.1.x before 5.1.18 does not require the DROP privilege for RENAME TABLE statements, which allows remote authenticated users to rename arbitrary tables.

CVSS v3 Severity:

4.6 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): Low User Interaction (UI): Required
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): None Integrity (I): Low Availibility (A): Low

CVSS v2 Severity:

4.9 Medium (CVSS v2 Vector: AV:N/AC:M/Au:S/C:N/I:P/A:P)
4.3 Medium (Temporal CVSS v2 Vector: AV:N/AC:M/Au:S/C:N/I:P/A:P/E:H/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Medium Authentication (Au): Single_Instance
Impact Metrics:	Confidentiality (C): None Integrity (I): Partial Availibility (A): Partial

5.5 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:S/C:N/I:P/A:P)
4.8 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:S/C:N/I:P/A:P/E:H/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Athentication (Au): Single_Instance
Impact Metrics:	Confidentiality (C): None Integrity (I): Partial Availibility (A): Partial

Vulnerability Type:

Vulnerability Consequences:

Bypass Security

References:

Source: MISC
Type: Vendor Advisory
http://bugs.mysql.com/bug.php?id=27515

Source: MITRE
Type: CNA
CVE-2007-2691

Source: CCN
Type: MySQL 5.1 Reference Manual
C.1.2. Changes in release 5.1.18 (08 May 2007)

Source: CONFIRM
Type: Patch, Vendor Advisory
http://dev.mysql.com/doc/refman/5.1/en/news-5-1-18.html

Source: APPLE
Type: Mailing List, Third Party Advisory
APPLE-SA-2008-10-09

Source: MLIST
Type: Vendor Advisory
[announce] 20070712 MySQL Community Server 5.0.45 has been released!

Source: SUSE
Type: Third Party Advisory
SUSE-SR:2008:003

Source: OSVDB
Type: Broken Link
34766

Source: CCN
Type: RHSA-2007-0894
Important: mysql security update

Source: CCN
Type: RHSA-2008-0364
Low: mysql security and bug fix update

Source: CCN
Type: RHSA-2008-0768
Moderate: mysql security, bug fix, and enhancement update

Source: CCN
Type: SA25301
MySQL Denial of Service Vulnerability and Multiple Security Issues

Source: SECUNIA
Type: Third Party Advisory
25301

Source: SECUNIA
Type: Third Party Advisory
25946

Source: SECUNIA
Type: Third Party Advisory
26073

Source: SECUNIA
Type: Third Party Advisory
26430

Source: SECUNIA
Type: Third Party Advisory
27155

Source: SECUNIA
Type: Third Party Advisory
27823

Source: SECUNIA
Type: Third Party Advisory
28838

Source: SECUNIA
Type: Third Party Advisory
30351

Source: SECUNIA
Type: Third Party Advisory
31226

Source: CCN
Type: SA32222
Apple Mac OS X Security Update Fixes Multiple Vulnerabilities

Source: SECUNIA
Type: Third Party Advisory
32222

Source: CCN
Type: SECTRACK ID: 1018069
MySQL Lets Remote Authenticated Users Issue the RENAME TABLE Command

Source: CCN
Type: Apple Web site
About Security Update 2008-007

Source: CONFIRM
Type: Third Party Advisory
http://support.apple.com/kb/HT3216

Source: CCN
Type: ASA-2007-382
MySQL security update (RHSA-2007-0894)

Source: CCN
Type: ASA-2008-327
mysql security update (RHSA-2008-0768)

Source: DEBIAN
Type: Third Party Advisory
DSA-1413

Source: DEBIAN
Type: DSA-1413
mysql -- multiple vulnerabilities

Source: MANDRIVA
Type: Third Party Advisory
MDKSA-2007:139

Source: CCN
Type: MySQL Web site
MySQL AB :: The world's most popular open source database

Source: CCN
Type: OSVDB ID: 34766
MySQL RENAME TABLE Statement Arbitrary Table Name Modification

Source: REDHAT
Type: Third Party Advisory
RHSA-2007:0894

Source: REDHAT
Type: Third Party Advisory
RHSA-2008:0364

Source: REDHAT
Type: Third Party Advisory
RHSA-2008:0768

Source: BUGTRAQ
Type: Third Party Advisory, VDB Entry
20070717 rPSA-2007-0143-1 mysql mysql-bench mysql-server

Source: BID
Type: Third Party Advisory, VDB Entry
24016

Source: CCN
Type: BID-24016
MySQL Rename Table Function Access Validation Vulnerability

Source: BID
Type: Third Party Advisory, VDB Entry
31681

Source: CCN
Type: BID-31681
RETIRED: Apple Mac OS X 2008-007 Multiple Security Vulnerabilities

Source: SECTRACK
Type: Third Party Advisory, VDB Entry
1018069

Source: CCN
Type: USN-528-1
MySQL vulnerabilities

Source: VUPEN
Type: Third Party Advisory
ADV-2007-1804

Source: VUPEN
Type: Third Party Advisory
ADV-2008-2780

Source: XF
Type: Third Party Advisory, VDB Entry
mysql-renametable-weak-security(34347)

Source: XF
Type: UNKNOWN
mysql-renametable-weak-security(34347)

Source: CONFIRM
Type: Broken Link
https://issues.rpath.com/browse/RPL-1536

Source: OVAL
Type: Third Party Advisory
oval:org.mitre.oval:def:9559

Source: UBUNTU
Type: Third Party Advisory
USN-528-1

Source: SUSE
Type: SUSE-SR:2008:003
SUSE Security Summary Report

Vulnerable Configuration:

Configuration 1:

cpe:/a:mysql:mysql:*:*:*:*:*:*:*:* (Version <= 4.1.22)

OR cpe:/a:mysql:mysql:*:*:*:*:*:*:*:* (Version >= 5.0 and < 5.0.42)

OR cpe:/a:mysql:mysql:*:*:*:*:*:*:*:* (Version >= 5.1 and < 5.1.18)

Configuration 2:

cpe:/o:debian:debian_linux:3.1:*:*:*:*:*:*:*

OR cpe:/o:debian:debian_linux:4.0:*:*:*:*:*:*:*

Configuration 3:

cpe:/o:canonical:ubuntu_linux:6.06:*:*:*:lts:*:*:*

OR cpe:/o:canonical:ubuntu_linux:6.10:*:*:*:*:*:*:*

OR cpe:/o:canonical:ubuntu_linux:7.04:*:*:*:*:*:*:*

Configuration RedHat 1:

cpe:/o:redhat:enterprise_linux:5:*:*:*:*:*:*:*

Configuration RedHat 2:

cpe:/o:redhat:enterprise_linux:5::client:*:*:*:*:*

Configuration RedHat 3:

cpe:/o:redhat:enterprise_linux:5::client_workstation:*:*:*:*:*

Configuration RedHat 4:

cpe:/o:redhat:enterprise_linux:5::server:*:*:*:*:*

Configuration RedHat 5:

cpe:/o:redhat:enterprise_linux:4:*:*:*:*:*:*:*

Configuration RedHat 6:

cpe:/o:redhat:enterprise_linux:4::as:*:*:*:*:*

Configuration RedHat 7:

cpe:/o:redhat:enterprise_linux:4::desktop:*:*:*:*:*

Configuration RedHat 8:

cpe:/o:redhat:enterprise_linux:4::es:*:*:*:*:*

Configuration RedHat 9:

cpe:/o:redhat:enterprise_linux:4::ws:*:*:*:*:*

Configuration CCN 1:

cpe:/a:oracle:mysql:5.0.0:-:*:*:*:*:*:*

OR cpe:/a:oracle:mysql:4.1.13:-:*:*:*:*:*:*

OR cpe:/a:oracle:mysql:5.0.18:*:*:*:*:*:*:*

OR cpe:/a:oracle:mysql:4.1.0:-:*:*:*:*:*:*

OR cpe:/a:oracle:mysql:4.1.0:-:*:*:*:*:*:*

OR cpe:/a:oracle:mysql:4.1.0:-:*:*:*:*:*:*

OR cpe:/a:oracle:mysql:4.1.0:alpha:*:*:*:*:*:*

OR cpe:/a:oracle:mysql:4.1.1:*:*:*:*:*:*:*

OR cpe:/a:oracle:mysql:4.1.10:-:*:*:*:*:*:*

OR cpe:/a:oracle:mysql:4.1.10:a:*:*:*:*:*:*

OR cpe:/a:oracle:mysql:4.1.11:*:*:*:*:*:*:*

OR cpe:/a:oracle:mysql:4.1.12:-:*:*:*:*:*:*

OR cpe:/a:oracle:mysql:4.1.12:a:*:*:*:*:*:*

OR cpe:/a:oracle:mysql:4.1.13:a:*:*:*:*:*:*

OR cpe:/a:oracle:mysql:4.1.14:-:*:*:*:*:*:*

OR cpe:/a:oracle:mysql:4.1.14:a:*:*:*:*:*:*

OR cpe:/a:oracle:mysql:4.1.15:-:*:*:*:*:*:*

OR cpe:/a:oracle:mysql:4.1.15:a:*:*:*:*:*:*

OR cpe:/a:oracle:mysql:4.1.16:*:*:*:*:*:*:*

OR cpe:/a:oracle:mysql:4.1.17:*:*:*:*:*:*:*

OR cpe:/a:oracle:mysql:4.1.18:*:*:*:*:*:*:*

OR cpe:/a:oracle:mysql:4.1.19:*:*:*:*:*:*:*

OR cpe:/a:oracle:mysql:4.1.2:-:*:*:*:*:*:*

OR cpe:/a:oracle:mysql:4.1.2:alpha:*:*:*:*:*:*

OR cpe:/a:oracle:mysql:4.1.20:*:*:*:*:*:*:*

OR cpe:/a:oracle:mysql:4.1.21:*:*:*:*:*:*:*

OR cpe:/a:oracle:mysql:4.1.22:*:*:*:*:*:*:*

OR cpe:/a:oracle:mysql:5.0.0:-:*:*:*:*:*:*

OR cpe:/a:oracle:mysql:5.0.0:-:*:*:*:*:*:*

OR cpe:/a:oracle:mysql:5.0.0:alpha:*:*:*:*:*:*

OR cpe:/a:oracle:mysql:5.0.1:-:*:*:*:*:*:*

OR cpe:/a:oracle:mysql:5.0.10:-:*:*:*:*:*:*

OR cpe:/a:oracle:mysql:5.0.10:a:*:*:*:*:*:*

OR cpe:/a:oracle:mysql:5.0.11:*:*:*:*:*:*:*

OR cpe:/a:oracle:mysql:5.0.12:*:*:*:*:*:*:*

OR cpe:/a:oracle:mysql:5.0.13:*:*:*:*:*:*:*

OR cpe:/a:oracle:mysql:5.0.14:*:*:*:*:*:*:*

OR cpe:/a:oracle:mysql:5.0.15:-:*:*:*:*:*:*

OR cpe:/a:oracle:mysql:5.0.15:a:*:*:*:*:*:*

OR cpe:/a:oracle:mysql:5.0.16:-:*:*:*:*:*:*

OR cpe:/a:oracle:mysql:5.0.16:a:*:*:*:*:*:*

OR cpe:/a:oracle:mysql:5.0.17:-:*:*:*:*:*:*

OR cpe:/a:oracle:mysql:5.0.17:a:*:*:*:*:*:*

OR cpe:/a:oracle:mysql:5.0.19:*:*:*:*:*:*:*

OR cpe:/a:oracle:mysql:5.0.1:a:*:*:*:*:*:*

OR cpe:/a:oracle:mysql:5.0.2:-:*:*:*:*:*:*

OR cpe:/a:oracle:mysql:5.0.20:-:*:*:*:*:*:*

OR cpe:/a:oracle:mysql:5.0.20:a:*:*:*:*:*:*

OR cpe:/a:oracle:mysql:5.0.21:*:*:*:*:*:*:*

OR cpe:/a:oracle:mysql:5.0.22:*:*:*:*:*:*:*

OR cpe:/a:oracle:mysql:5.0.24:-:*:*:*:*:*:*

OR cpe:/a:oracle:mysql:5.0.27:*:*:*:*:*:*:*

OR cpe:/a:oracle:mysql:5.0.3:-:*:*:*:*:*:*

OR cpe:/a:oracle:mysql:5.0.3:beta:*:*:*:*:*:*

OR cpe:/a:oracle:mysql:5.0.33:*:*:*:*:*:*:*

OR cpe:/a:oracle:mysql:5.0.37:*:*:*:*:*:*:*

OR cpe:/a:oracle:mysql:5.0.3:a:*:*:*:*:*:*

OR cpe:/a:oracle:mysql:5.0.4:-:*:*:*:*:*:*

OR cpe:/a:oracle:mysql:5.0.4:a:*:*:*:*:*:*

OR cpe:/a:oracle:mysql:5.0.5:-:*:*:*:*:*:*

OR cpe:/a:oracle:mysql:5.0.6:*:*:*:*:*:*:*

OR cpe:/a:oracle:mysql:5.0.7:*:*:*:*:*:*:*

OR cpe:/a:oracle:mysql:5.0.8:*:*:*:*:*:*:*

OR cpe:/a:oracle:mysql:5.0.9:*:*:*:*:*:*:*

OR cpe:/a:oracle:mysql:5.1.1:*:*:*:*:*:*:*

OR cpe:/a:oracle:mysql:5.1.10:*:*:*:*:*:*:*

OR cpe:/a:oracle:mysql:5.1.11:*:*:*:*:*:*:*

OR cpe:/a:oracle:mysql:5.1.12:*:*:*:*:*:*:*

OR cpe:/a:oracle:mysql:5.1.13:*:*:*:*:*:*:*

OR cpe:/a:oracle:mysql:5.1.14:*:*:*:*:*:*:*

OR cpe:/a:oracle:mysql:5.1.15:*:*:*:*:*:*:*

OR cpe:/a:oracle:mysql:5.1.16:*:*:*:*:*:*:*

OR cpe:/a:oracle:mysql:5.1.17:*:*:*:*:*:*:*

OR cpe:/a:oracle:mysql:5.1.2:*:*:*:*:*:*:*

OR cpe:/a:oracle:mysql:5.1.3:*:*:*:*:*:*:*

OR cpe:/a:oracle:mysql:5.1.4:*:*:*:*:*:*:*

OR cpe:/a:mysql:mysql:5.1.5:*:*:*:*:*:*:*

OR cpe:/a:oracle:mysql:5.1.6:*:*:*:*:*:*:*

OR cpe:/a:oracle:mysql:5.1.7:*:*:*:*:*:*:*

OR cpe:/a:oracle:mysql:5.1.8:*:*:*:*:*:*:*

OR cpe:/a:oracle:mysql:5.1.9:*:*:*:*:*:*:*

OR cpe:/a:mysql:mysql:5.0.22.1.0.1:*:*:*:*:*:*:*

AND

cpe:/o:redhat:enterprise_linux:4::as:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:4::desktop:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:4::es:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:4::ws:*:*:*:*:*

OR cpe:/o:debian:debian_linux:3.1:*:*:*:*:*:*:*

OR cpe:/o:canonical:ubuntu:6.06::lts:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux:2007:*:*:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux:2007::x86_64:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:4.0:*:*:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:4.0::x86_64:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:5:*:*:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:5:*:client_workstation:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux:2007.1:*:*:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux:2008.0::x86-64:*:*:*:*:*

OR cpe:/o:debian:debian_linux:4.0:*:*:*:*:*:*:*

OR cpe:/o:canonical:ubuntu:7.04:*:*:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:5:*:client:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux:2007.1::x86-64:*:*:*:*:*

OR cpe:/o:apple:mac_os_x_server:10.5:*:*:*:*:*:*:*

OR cpe:/o:apple:mac_os_x_server:10.5.1:*:*:*:*:*:*:*

OR cpe:/o:apple:mac_os_x_server:10.5.2:*:*:*:*:*:*:*

OR cpe:/o:apple:mac_os_x_server:10.5.3:*:*:*:*:*:*:*

OR cpe:/o:apple:mac_os_x_server:10.5.4:*:*:*:*:*:*:*

OR cpe:/o:apple:mac_os_x_server:10.5.5:*:*:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:20072691	V	CVE-2007-2691	2015-11-16
oval:org.mitre.oval:def:17461	P	USN-528-1 -- mysql-dfsg-5.0 vulnerabilities	2014-06-30
oval:org.mitre.oval:def:20366	P	DSA-1413-1 mysql - multiple	2014-06-23
oval:org.mitre.oval:def:22310	P	ELSA-2008:0364: mysql security and bug fix update (Low)	2014-05-26
oval:org.mitre.oval:def:9559	V	MySQL before 4.1.23, 5.0.x before 5.0.42, and 5.1.x before 5.1.18 does not require the DROP privilege for RENAME TABLE statements, which allows remote authenticated users to rename arbitrary tables.	2013-04-29
oval:com.redhat.rhsa:def:20080768	P	RHSA-2008:0768: mysql security, bug fix, and enhancement update (Moderate)	2008-07-24
oval:com.redhat.rhsa:def:20080364	P	RHSA-2008:0364: mysql security and bug fix update (Low)	2008-05-21
oval:org.debian:def:1413	V	multiple vulnerabilities	2007-11-26