Back to search

ELSA-2007-1155 Important: Enterprise Linux mysql security update

Severity	CVSS	Published	Added	Modified
7	(AV:N/AC:H/Au:S/C:C/I:C/A:C)	November 09, 2007	December 20, 2011	July 04, 2017

Description

MySQL Community Server 5.0.x before 5.0.51, Enterprise Server 5.0.x before 5.0.52, Server 5.1.x before 5.1.23, and Server 6.0.x before 6.0.4, when a table relies on symlinks created through explicit DATA DIRECTORY and INDEX DIRECTORY options, allows remote authenticated users to overwrite system table information and gain privileges via a RENAME TABLE statement that changes the symlink to point to an existing file.

Scan For This Vulnerability

Use our top-rated tool to discover, prioritize, and remediate your vulnerabilities

Free InsightVM Trial

References

APPLE-APPLE-SA-2008-10-09
BID-26353
BID-26765
BID-31681
CVE-2007-5925
CVE-2007-5969
DEBIAN-DSA-1413
DEBIAN-DSA-1451
OVAL-OVAL10509
OVAL-OVAL11390
REDHAT-RHSA-2007:1155
REDHAT-RHSA-2007:1157
URL: http://oss.oracle.com/pipermail/el-errata/2007-December/000453.html
URL: http://oss.oracle.com/pipermail/el-errata/2007-December/000456.html
XF-38284

Solution

oracle-linux-upgrade-mysql

Related Vulnerabilities

OS X security update 2008-007 for Networking (CVE-2008-3645)
HP-UX: CVE-2008-2364: Running Apache, Remote Cross Site Scripting (XSS) or Denial of Service (DoS)
Cent OS: CVE-2008-2712: CESA-2008:0580 (vim)
SUSE Linux Security Vulnerability: CVE-2008-1389
RHSA-2008:0967: httpd security and bug fix update
Cent OS: CVE-2008-1232: CESA-2008:0648 (tomcat)
OS X security update 2010-002 for vim (CVE-2008-2712)
SUSE Linux Security Advisory: SUSE-SR:2009:002
VMSA-2009-0016.6: WebAccess Context Data Cross-site Scripting Vulnerability (CVE-2007-6286)
CESA-2008:0042: tomcat security update
FreeBSD: mysql -- privilege escalation and overwrite of the system table information (CVE-2007-5969)
FreeBSD: vim -- Vim Shell Command Injection Vulnerabilities (CVE-2008-2712)
OS X security update 2008-007 for libxslt (CVE-2008-1767)
USN-624-2: Erlang vulnerability
Gentoo Linux: CVE-2007-5969: MySQL: Multiple vulnerabilities
SUSE Linux Security Vulnerability: CVE-2008-2370
OS X update for PHP (CVE-2008-2371)
USN-628-1: PHP vulnerabilities
OS X security update 2008-007 for MySQL Server (CVE-2008-2079)
ELSA-2008-0617 Moderate: Enterprise Linux vim security update
Sun Patch: SunOS 5.10_x86: Oracle Java Web Console 3.1 Patch
Apache Tomcat Cookie Handling Session ID Disclosure Vulnerability (CVE-2007-5333)
OS X security update 2008-007 for ClamAV (CVE-2008-3914)
Apache Tomcat: Low: Session hi-jacking (CVE-2007-5333)
Gentoo Linux: CVE-2008-3913: ClamAV: Multiple Denials of Service
RHSA-2010:0602: Red Hat Certificate System 7.3 security update
RHSA-2009:1454: tomcat5 security update
SUSE Linux Security Advisory: SUSE-SR:2008:003
VMSA-2010-0005: WebAccess Context Data Cross-site Scripting Vulnerability (CVE-2008-1232)
Apache Tomcat Host Manager Cross-Site Scripting Vulnerability
Cent OS: CVE-2008-2370: CESA-2008:0648 (tomcat)
Cent OS: CVE-2008-3432: CESA-2008:0617 (vim)
SUSE Linux Security Advisory: SUSE-SR:2008:013
FreeBSD: cups -- multiple vulnerabilities (Multiple CVEs)
USN-1397-1: MySQL vulnerabilities
RHSA-2008:0937: cups security update
SUSE Linux Security Vulnerability: CVE-2007-5925
RHSA-2008:0580: vim security update
SUSE Linux Security Vulnerability: CVE-2008-3913
RHSA-2008:0862: tomcat security update
RHSA-2007:1155: mysql security update
SUSE Linux Security Advisory: SUSE-SR:2008:005
MySQL DATA DIRECTORY and INDEX DIRECTORY symlink system table overwrite
FreeBSD: mysql -- MyISAM table privileges security bypass vulnerability for symlinked paths (Multiple CVEs)
Sun Patch: SunOS 5.9: Apache Security Patch
OS X security update 2008-007 for Tomcat (CVE-2008-0002)
OpenSSL CRYPTO_cleanup_all_ex_data denial of service (CVE-2008-1678)
VMSA-2009-0016.6: WebAccess Context Data Cross-site Scripting Vulnerability (CVE-2008-1947)
SUSE Linux Security Vulnerability: CVE-2008-2371
VMSA-2010-0005: WebAccess Context Data Cross-site Scripting Vulnerability (CVE-2007-5342)
OS X security update 2008-005 for PHP (CVE-2007-4850)
FreeBSD: pcre -- buffer overflow vulnerability (CVE-2008-0674)
USN-671-1: MySQL vulnerabilities
FreeBSD: apache -- multiple vulnerabilities (Multiple CVEs)
Gentoo Linux: CVE-2008-2079: MySQL: Privilege bypass
OS X security update 2008-007 for MySQL Server (CVE-2007-5969)
ELSA-2008-0287 Important: Enterprise Linux libxslt security update
RHSA-2009:1164: tomcat security update
SUSE Linux Security Vulnerability: CVE-2008-2364
FreeBSD: php -- multiple vulnerabilities (Multiple CVEs)
CESA-2007:1155: RHSA-2007:1155
ELSA-2008-0937 Important: Enterprise Linux cups security update
VMSA-2009-0002: Update for VirtualCenter and ESX patch update Apache Tomcat version to 5.5.27 (CVE-2008-2370)
OS X security update 2008-007 for Tomcat (CVE-2008-2938)
RHSA-2008:0151: JBoss Enterprise Application Platform 4.2.0CP02 security update
VMSA-2010-0005: WebAccess Context Data Cross-site Scripting Vulnerability (CVE-2008-0002)
VMSA-2010-0005: WebAccess Context Data Cross-site Scripting Vulnerability (CVE-2008-2370)
Apache Tomcat Exception Handling Information Disclosure Vulnerability
Sun Patch: SunOS 5.9_x86: Apache Security Patch
Cent OS: CVE-2008-2938: CESA-2008:0648 (tomcat)
Gentoo Linux: CVE-2008-0002: Tomcat: Multiple vulnerabilities
VMSA-2009-0016.6: WebAccess Context Data Cross-site Scripting Vulnerability (CVE-2008-0002)
PHP Multiple Vulnerabilities Fixed in version 4.4.9
Gentoo Linux: CVE-2008-1678: Apache: Denial of Service
SUSE Linux Security Vulnerability: CVE-2008-1232
Gentoo Linux: CVE-2008-1389: ClamAV: Multiple Denials of Service
VMSA-2008-0010.3: Tomcat Server Security Update (CVE-2007-5342)
Sun Patch: SunOS 5.10: Apache 1.3 Patch
OS X security update 2008-007 for Apache (CVE-2008-1678)
VMSA-2010-0005: WebAccess Context Data Cross-site Scripting Vulnerability (CVE-2007-5461)
OS X security update 2008-005 for PHP (CVE-2008-0674)
SUSE Linux Security Advisory: SUSE-SR:2008:017
VMSA-2009-0002: Update for VirtualCenter and ESX patch update Apache Tomcat version to 5.5.27 (CVE-2008-1232)
USN-588-1: MySQL vulnerabilities
USN-581-1: PCRE vulnerability
RHSA-2009:1563: tomcat security update
FreeBSD: clamav -- CHM Processing Denial of Service (CVE-2008-1389)
SUSE Linux Security Vulnerability: CVE-2007-6286
VMSA-2008-0010.3: Tomcat Server Security Update (CVE-2007-5333)
VMSA-2009-0004.3: Updated vim package (CVE-2008-4101)
PHP Vulnerability: CVE-2007-4850
Cent OS: CVE-2008-4101: CESA-2008:0580 (vim)
VMSA-2009-0016.6: WebAccess Context Data Cross-site Scripting Vulnerability (CVE-2007-5333)
Gentoo Linux: CVE-2007-6420: Apache: Denial of Service
RHSA-2008:0877: jbossweb security update
Apache Tomcat JULI Logging Component Security Bypass
RHSA-2008:0618: vim security update
Gentoo Linux: CVE-2007-5461: Tomcat: Multiple vulnerabilities
RHSA-2008:0617: vim security update
Apache Tomcat: Low: Cross-site scripting (CVE-2008-1947)

Vulnerability & Exploit Database

ELSA-2007-1155 Important: Enterprise Linux mysql security update

Description

Scan For This Vulnerability

References

Solution

Related Vulnerabilities

Legal

Resources & Help

Connect With Us

Stay in touch:

Quick Cookie Notification

Vulnerability & Exploit Database

ELSA-2007-1155 Important: Enterprise Linux mysql security update

Description

Scan For This Vulnerability

References

Solution

Related Vulnerabilities

Legal

Resources & Help

Connect With Us

Stay in touch: