241688 – (CVE-2007-2691) CVE-2007-2691 mysql DROP privilege not enforced when renaming tables

Bug 241688 (CVE-2007-2691) - CVE-2007-2691 mysql DROP privilege not enforced when renaming tables

Summary: CVE-2007-2691 mysql DROP privilege not enforced when renaming tables

Keywords:
Status:	CLOSED ERRATA
Alias:	CVE-2007-2691
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	low
Severity:	low
Target Milestone:	---
Assignee:	Red Hat Product Security
QA Contact:
Docs Contact:
URL:	http://bugs.mysql.com/bug.php?id=27515
Whiteboard:
Depends On:	243990 243991 282471 445321
Blocks:	433686
TreeView+	depends on / blocked

Reported:	2007-05-29 15:46 UTC by Red Hat Product Security
Modified:	2019-09-29 12:20 UTC (History)
CC List:	3 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2011-09-28 15:17:22 UTC
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHSA-2007:0894	normal	SHIPPED_LIVE	Important: mysql security update	2007-09-10 15:37:28 UTC
Red Hat Product Errata	RHSA-2008:0364	normal	SHIPPED_LIVE	Low: mysql security and bug fix update	2008-05-20 12:44:41 UTC
Red Hat Product Errata	RHSA-2008:0768	normal	SHIPPED_LIVE	Moderate: mysql security, bug fix, and enhancement update	2008-07-24 17:12:22 UTC

Description Lubomir Kundrak 2007-05-29 15:46:58 UTC

Description of problem:

Contrary to what the documentation says, ALTER privilege on the old table
and CREATE and INSERT privileges on the new table are sufficient for the
user to be able to rename a table.

Version-Release number of selected component (if applicable):

MySQL before 4.1.23, 5.0.x before 5.0.42, and 5.1.x before 5.1.18.

Comment 8 Tomas Hoger 2008-05-06 12:58:37 UTC

Upstream bug report: http://bugs.mysql.com/bug.php?id=27515

Comment 10 Red Hat Bugzilla 2009-10-23 19:04:53 UTC

Reporter changed to security-response-team by request of Jay Turner.

Comment 11 Kurt Seifried 2011-09-28 15:17:22 UTC

This issue has been addressed in following products:

  Red Hat Linux Enterprise 4
  Red Hat Linux Enterprise 5
  Red Hat Application Stack v1 for Enterprise Linux AS/ES (v.4)

Via 
  https://rhn.redhat.com/errata/RHSA-2008-0768.html 
  https://rhn.redhat.com/errata/RHSA-2008-0364.html
  https://rhn.redhat.com/errata/RHSA-2007-0894.html

Note You need to log in before you can comment on or make changes to this bug.