Bug 241688 (CVE-2007-2691)

Summary: CVE-2007-2691 mysql DROP privilege not enforced when renaming tables
Product: [Other] Security Response Reporter: Red Hat Product Security <security-response-team>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED ERRATA QA Contact:
Severity: low Docs Contact:
Priority: low    
Version: unspecifiedCC: kreilly, kseifried, tgl
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
URL: http://bugs.mysql.com/bug.php?id=27515
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2011-09-28 15:17:22 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 243990, 243991, 282471, 445321    
Bug Blocks: 433686    

Description Lubomir Kundrak 2007-05-29 15:46:58 UTC 
Description of problem:

Contrary to what the documentation says, ALTER privilege on the old table
and CREATE and INSERT privileges on the new table are sufficient for the
user to be able to rename a table.

Version-Release number of selected component (if applicable):

MySQL before 4.1.23, 5.0.x before 5.0.42, and 5.1.x before 5.1.18.
Comment 8 Tomas Hoger 2008-05-06 12:58:37 UTC 
Upstream bug report: http://bugs.mysql.com/bug.php?id=27515
Comment 10 Red Hat Bugzilla 2009-10-23 19:04:53 UTC 
Reporter changed to security-response-team by request of Jay Turner.
Comment 11 Kurt Seifried 2011-09-28 15:17:22 UTC 
This issue has been addressed in following products:

  Red Hat Linux Enterprise 4
  Red Hat Linux Enterprise 5
  Red Hat Application Stack v1 for Enterprise Linux AS/ES (v.4)

Via 
  https://rhn.redhat.com/errata/RHSA-2008-0768.html 
  https://rhn.redhat.com/errata/RHSA-2008-0364.html
  https://rhn.redhat.com/errata/RHSA-2007-0894.html