[debian-mysql] Bug#455010: CVE-2007-5969 possible to overwrite system table information

Nico Golde nion at debian.org
Sat Dec 8 16:49:21 UTC 2007

Package: mysql-dfsg-5.0
Version: 5.0.32-7etch3
Severity: important
Tags: security

the following CVE (Common Vulnerabilities & Exposures) id was
published for mysql-dfsg-5.0.

| Using RENAME TABLE against a table with explicit DATA DIRECTORY and INDEX
| DIRECTORY options can be used to overwrite system table information by
| replacing the file to which the symlink points.  MySQL will now return an error
| when the file to which the symlink points already exists.
| http://bugs.mysql.com/32111

This information is not yet on the mitre site but I guess you have access
to the bug report in the upstream BTS.

If you fix this vulnerability please also include the CVE id
in your changelog entry.

For further information:
[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5969

Kind regards

Nico Golde - http://www.ngolde.de - nion at jabber.ccc.de - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://lists.alioth.debian.org/pipermail/pkg-mysql-maint/attachments/20071208/4ea07001/attachment.pgp 

More information about the pkg-mysql-maint mailing list