Back to search
CVE-2007-5970
Published: Dec 10, 2007
Modified: Aug 7, 2024
PUBLISHED
Description
MySQL 5.1.x before 5.1.23 and 6.0.x before 6.0.4 allows remote authenticated users to gain privileges on arbitrary tables via unspecified vectors involving use of table-level DATA DIRECTORY and INDEX DIRECTORY options when creating a partitioned table with the same name as a table on which the user lacks privileges.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
http://bugs.mysql.com/bug.php?id=32091
x_refsource_CONFIRM
mysql-datadirectory-privilege-escalation(38988)
vdb-entry
x_refsource_XF
1019084
vdb-entry
x_refsource_SECTRACK
ADV-2008-0560
vdb-entry
x_refsource_VUPEN
42607
vdb-entry
x_refsource_OSVDB
http://dev.mysql.com/doc/refman/5.1/en/news-5-1-23.html
x_refsource_CONFIRM
http://dev.mysql.com/doc/refman/6.0/en/news-6-0-4.html
x_refsource_CONFIRM
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now