Description of problem: Contrary to what the documentation says, ALTER privilege on the old table and CREATE and INSERT privileges on the new table are sufficient for the user to be able to rename a table. Version-Release number of selected component (if applicable): MySQL before 4.1.23, 5.0.x before 5.0.42, and 5.1.x before 5.1.18.
Upstream bug report: http://bugs.mysql.com/bug.php?id=27515
Reporter changed to security-response-team by request of Jay Turner.
This issue has been addressed in following products: Red Hat Linux Enterprise 4 Red Hat Linux Enterprise 5 Red Hat Application Stack v1 for Enterprise Linux AS/ES (v.4) Via https://rhn.redhat.com/errata/RHSA-2008-0768.html https://rhn.redhat.com/errata/RHSA-2008-0364.html https://rhn.redhat.com/errata/RHSA-2007-0894.html