From the changelog of not yet released versions of MySQL:

Security Fix: Using RENAME TABLE against a table with explicit DATA DIRECTORY and INDEX DIRECTORY options can be used to overwrite system table information by replacing the symbolic link points. the file to which the symlink points. MySQL will now return an error when the file to which the symlink points already exists. (Bug#32111, CVE-2007-5969)

Mentioned in:
MySQL 4.1.24
http://dev.mysql.com/doc/refman/4.1/en/news-4-1-24.html
MySQL Enterprise 5.0.52
http://dev.mysql.com/doc/refman/5.0/en/releasenotes-es-5-0-52.html

Referenced MySQL bug report is not public at the moment:
http://bugs.mysql.com/bug.php?id=32111

Also mentioned in:
MySQL 5.1.23
http://dev.mysql.com/doc/refman/5.1/en/news-5-1-23.html
MySQL 6.0.4
http://dev.mysql.com/doc/refman/6.0/en/news-6-0-4.html

CVE description:

CVE-2007-5969: MySQL Community Server before 5.0.51, when a table relies on symlinks created through explicit DATA DIRECTORY and INDEX DIRECTORY options, allows remote authenticated users to overwrite system table information and gain privileges via a RENAME TABLE statement that changes the symlink to point to an existing file.

References:
http://lists.mysql.com/announce/495
http://bugs.mysql.com/32111
http://dev.mysql.com/doc/refman/5.0/en/releasenotes-cs-5-0-51.html
http://dev.mysql.com/doc/refman/5.0/en/releasenotes-es-5-0-52.html

Upstream bug report remains private.

Additional info and upstream patch: http://lists.mysql.com/commits/37835

Problem was fixed in all affected supported products:

Red Hat Enterprise Linux:
http://rhn.redhat.com/errata/RHSA-2007-1155.html

Red Hat Application Stack:
http://rhn.redhat.com/errata/RHSA-2007-1157.html

Fedora:
https://admin.fedoraproject.org/updates/F7/FEDORA-2007-4471
https://admin.fedoraproject.org/updates/F8/FEDORA-2007-4465
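
The changelog entry quoted at the top says the fixed server returns an error when the file the symlink would point to already exists. The following is an added example of one way to get that behaviour on POSIX without a check-then-rename window; it is not the upstream MySQL patch and not code from this report. The function name `rename_symlinked_file` and all file names are hypothetical, and the directory layout is constructed for the demonstration.

```c
#define _XOPEN_SOURCE 700
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Hypothetical helper (not MySQL source): move a symlinked table file so
 * that old_link -> old_target becomes new_link -> new_target.
 * Returns 0 on success, -1 with errno set; never replaces an existing file. */
int rename_symlinked_file(const char *old_link, const char *old_target,
                          const char *new_link, const char *new_target)
{
    /* link() fails atomically with EEXIST when new_target exists in any
     * form (file, directory, or symlink, even a dangling one), so there is
     * no window between an existence check and the rename. Both paths must
     * be on one filesystem, otherwise it fails with EXDEV. */
    if (link(old_target, new_target) != 0)
        return -1;
    /* symlink() likewise refuses to replace an existing new_link. */
    if (symlink(new_target, new_link) != 0) {
        int saved = errno;
        unlink(new_target);          /* roll back the name we just added */
        errno = saved;
        return -1;
    }
    /* The new names are in place; drop the old ones. */
    if (unlink(old_link) != 0 || unlink(old_target) != 0)
        return -1;
    return 0;
}

int main(void)
{
    char dir[] = "/tmp/rnXXXXXX", t1[64], lnk[64], sys[64], l2[64];
    if (!mkdtemp(dir)) return 1;
    /* Constructed layout: t1.MYD is a symlink to ext_t1.MYD; user.MYD
     * stands in for a file that must not be overwritten. */
    snprintf(t1, sizeof t1, "%s/ext_t1.MYD", dir);
    snprintf(lnk, sizeof lnk, "%s/t1.MYD", dir);
    snprintf(sys, sizeof sys, "%s/user.MYD", dir);
    snprintf(l2, sizeof l2, "%s/t2.MYD", dir);
    FILE *f = fopen(t1, "w"); if (!f) return 1; fclose(f);
    f = fopen(sys, "w"); if (!f) return 1; fclose(f);
    if (symlink(t1, lnk) != 0) return 1;
    int rc = rename_symlinked_file(lnk, t1, l2, sys);
    printf("rename onto existing file: rc=%d (%s)\n", rc, rc ? strerror(errno) : "ok");
    return 0;
}
```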