ELSA-2007-1155 Important: Enterprise Linux mysql security update
Severity | CVSS | Published | Added | Modified |
---|---|---|---|---|
7 | (AV:N/AC:H/Au:S/C:C/I:C/A:C) | November 09, 2007 | December 20, 2011 | July 04, 2017 |
Description
MySQL Community Server 5.0.x before 5.0.51, Enterprise Server 5.0.x before 5.0.52, Server 5.1.x before 5.1.23, and Server 6.0.x before 6.0.4, when a table relies on symlinks created through explicit DATA DIRECTORY and INDEX DIRECTORY options, allows remote authenticated users to overwrite system table information and gain privileges via a RENAME TABLE statement that changes the symlink to point to an existing file.
References
- APPLE-APPLE-SA-2008-10-09
- BID-26353
- BID-26765
- BID-31681
- CVE-2007-5925
- CVE-2007-5969
- DEBIAN-DSA-1413
- DEBIAN-DSA-1451
- OVAL-OVAL10509
- OVAL-OVAL11390
- REDHAT-RHSA-2007:1155
- REDHAT-RHSA-2007:1157
- URL: http://oss.oracle.com/pipermail/el-errata/2007-December/000453.html
- URL: http://oss.oracle.com/pipermail/el-errata/2007-December/000456.html
- XF-38284
Solution
oracle-linux-upgrade-mysql
Related Vulnerabilities
- OS X security update 2008-007 for Networking (CVE-2008-3645)
- HP-UX: CVE-2008-2364: Running Apache, Remote Cross Site Scripting (XSS) or Denial of Service (DoS)
- Cent OS: CVE-2008-2712: CESA-2008:0580 (vim)
- SUSE Linux Security Vulnerability: CVE-2008-1389
- RHSA-2008:0967: httpd security and bug fix update
- Cent OS: CVE-2008-1232: CESA-2008:0648 (tomcat)
- OS X security update 2010-002 for vim (CVE-2008-2712)
- SUSE Linux Security Advisory: SUSE-SR:2009:002
- VMSA-2009-0016.6: WebAccess Context Data Cross-site Scripting Vulnerability (CVE-2007-6286)
- CESA-2008:0042: tomcat security update
- FreeBSD: mysql -- privilege escalation and overwrite of the system table information (CVE-2007-5969)
- FreeBSD: vim -- Vim Shell Command Injection Vulnerabilities (CVE-2008-2712)
- OS X security update 2008-007 for libxslt (CVE-2008-1767)
- USN-624-2: Erlang vulnerability
- Gentoo Linux: CVE-2007-5969: MySQL: Multiple vulnerabilities
- SUSE Linux Security Vulnerability: CVE-2008-2370
- OS X update for PHP (CVE-2008-2371)
- USN-628-1: PHP vulnerabilities
- OS X security update 2008-007 for MySQL Server (CVE-2008-2079)
- ELSA-2008-0617 Moderate: Enterprise Linux vim security update
- Sun Patch: SunOS 5.10_x86: Oracle Java Web Console 3.1 Patch
- Apache Tomcat Cookie Handling Session ID Disclosure Vulnerability (CVE-2007-5333)
- OS X security update 2008-007 for ClamAV (CVE-2008-3914)
- Apache Tomcat: Low: Session hi-jacking (CVE-2007-5333)
- Gentoo Linux: CVE-2008-3913: ClamAV: Multiple Denials of Service
- RHSA-2010:0602: Red Hat Certificate System 7.3 security update
- RHSA-2009:1454: tomcat5 security update
- SUSE Linux Security Advisory: SUSE-SR:2008:003
- VMSA-2010-0005: WebAccess Context Data Cross-site Scripting Vulnerability (CVE-2008-1232)
- Apache Tomcat Host Manager Cross-Site Scripting Vulnerability
- Cent OS: CVE-2008-2370: CESA-2008:0648 (tomcat)
- Cent OS: CVE-2008-3432: CESA-2008:0617 (vim)
- SUSE Linux Security Advisory: SUSE-SR:2008:013
- FreeBSD: cups -- multiple vulnerabilities (Multiple CVEs)
- USN-1397-1: MySQL vulnerabilities
- RHSA-2008:0937: cups security update
- SUSE Linux Security Vulnerability: CVE-2007-5925
- RHSA-2008:0580: vim security update
- SUSE Linux Security Vulnerability: CVE-2008-3913
- RHSA-2008:0862: tomcat security update
- RHSA-2007:1155: mysql security update
- SUSE Linux Security Advisory: SUSE-SR:2008:005
- MySQL DATA DIRECTORY and INDEX DIRECTORY symlink system table overwrite
- FreeBSD: mysql -- MyISAM table privileges security bypass vulnerability for symlinked paths (Multiple CVEs)
- Sun Patch: SunOS 5.9: Apache Security Patch
- OS X security update 2008-007 for Tomcat (CVE-2008-0002)
- OpenSSL CRYPTO_cleanup_all_ex_data denial of service (CVE-2008-1678)
- VMSA-2009-0016.6: WebAccess Context Data Cross-site Scripting Vulnerability (CVE-2008-1947)
- SUSE Linux Security Vulnerability: CVE-2008-2371
- VMSA-2010-0005: WebAccess Context Data Cross-site Scripting Vulnerability (CVE-2007-5342)
- OS X security update 2008-005 for PHP (CVE-2007-4850)
- FreeBSD: pcre -- buffer overflow vulnerability (CVE-2008-0674)
- USN-671-1: MySQL vulnerabilities
- FreeBSD: apache -- multiple vulnerabilities (Multiple CVEs)
- Gentoo Linux: CVE-2008-2079: MySQL: Privilege bypass
- OS X security update 2008-007 for MySQL Server (CVE-2007-5969)
- ELSA-2008-0287 Important: Enterprise Linux libxslt security update
- RHSA-2009:1164: tomcat security update
- SUSE Linux Security Vulnerability: CVE-2008-2364
- FreeBSD: php -- multiple vulnerabilities (Multiple CVEs)
- CESA-2007:1155: RHSA-2007:1155
- ELSA-2008-0937 Important: Enterprise Linux cups security update
- VMSA-2009-0002: Update for VirtualCenter and ESX patch update Apache Tomcat version to 5.5.27 (CVE-2008-2370)
- OS X security update 2008-007 for Tomcat (CVE-2008-2938)
- RHSA-2008:0151: JBoss Enterprise Application Platform 4.2.0CP02 security update
- VMSA-2010-0005: WebAccess Context Data Cross-site Scripting Vulnerability (CVE-2008-0002)
- VMSA-2010-0005: WebAccess Context Data Cross-site Scripting Vulnerability (CVE-2008-2370)
- Apache Tomcat Exception Handling Information Disclosure Vulnerability
- Sun Patch: SunOS 5.9_x86: Apache Security Patch
- Cent OS: CVE-2008-2938: CESA-2008:0648 (tomcat)
- Gentoo Linux: CVE-2008-0002: Tomcat: Multiple vulnerabilities
- VMSA-2009-0016.6: WebAccess Context Data Cross-site Scripting Vulnerability (CVE-2008-0002)
- PHP Multiple Vulnerabilities Fixed in version 4.4.9
- Gentoo Linux: CVE-2008-1678: Apache: Denial of Service
- SUSE Linux Security Vulnerability: CVE-2008-1232
- Gentoo Linux: CVE-2008-1389: ClamAV: Multiple Denials of Service
- VMSA-2008-0010.3: Tomcat Server Security Update (CVE-2007-5342)
- Sun Patch: SunOS 5.10: Apache 1.3 Patch
- OS X security update 2008-007 for Apache (CVE-2008-1678)
- VMSA-2010-0005: WebAccess Context Data Cross-site Scripting Vulnerability (CVE-2007-5461)
- OS X security update 2008-005 for PHP (CVE-2008-0674)
- SUSE Linux Security Advisory: SUSE-SR:2008:017
- VMSA-2009-0002: Update for VirtualCenter and ESX patch update Apache Tomcat version to 5.5.27 (CVE-2008-1232)
- USN-588-1: MySQL vulnerabilities
- USN-581-1: PCRE vulnerability
- RHSA-2009:1563: tomcat security update
- FreeBSD: clamav -- CHM Processing Denial of Service (CVE-2008-1389)
- SUSE Linux Security Vulnerability: CVE-2007-6286
- VMSA-2008-0010.3: Tomcat Server Security Update (CVE-2007-5333)
- VMSA-2009-0004.3: Updated vim package (CVE-2008-4101)
- PHP Vulnerability: CVE-2007-4850
- Cent OS: CVE-2008-4101: CESA-2008:0580 (vim)
- VMSA-2009-0016.6: WebAccess Context Data Cross-site Scripting Vulnerability (CVE-2007-5333)
- Gentoo Linux: CVE-2007-6420: Apache: Denial of Service
- RHSA-2008:0877: jbossweb security update
- Apache Tomcat JULI Logging Component Security Bypass
- RHSA-2008:0618: vim security update
- Gentoo Linux: CVE-2007-5461: Tomcat: Multiple vulnerabilities
- RHSA-2008:0617: vim security update
- Apache Tomcat: Low: Cross-site scripting (CVE-2008-1947)