CVSS2: 7.1 High (AV:N/AC:H/Au:S/C:C/I:C/A:C)
Attack Vector: NETWORK
Attack Complexity: HIGH
Authentication: SINGLE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
AI Score: 6.4 Medium (Confidence: Low)
EPSS: 0.032 Low (Percentile: 91.2%)

Joe Gallo and Artem Russakovskii discovered that the InnoDB
engine in MySQL did not properly perform input validation. An
authenticated user could use a crafted CONTAINS statement to
cause a denial of service. (CVE-2007-5925)

It was discovered that under certain conditions MySQL could be
made to overwrite system table information. An authenticated
user could use a crafted RENAME statement to escalate privileges.
(CVE-2007-5969)

Philip Stoev discovered that the federated engine of MySQL
did not properly handle responses with a small number of columns.
An authenticated user could use a crafted response to a SHOW
TABLE STATUS query and cause a denial of service. (CVE-2007-6304)

It was discovered that MySQL did not properly enforce access
controls. An authenticated user could use a crafted CREATE TABLE
LIKE statement to escalate privileges. (CVE-2007-3781)

OS | OS Version | Architecture | Package | Package Version | Filename |
---|---|---|---|---|---|
Ubuntu | 7.10 | noarch | mysql-server-5.0 | < 5.0.45-1ubuntu3.1 | UNKNOWN |
Ubuntu | 7.10 | noarch | libmysqlclient15-dev | < 5.0.45-1ubuntu3.1 | UNKNOWN |
Ubuntu | 7.10 | noarch | libmysqlclient15off | < 5.0.45-1ubuntu3.1 | UNKNOWN |
Ubuntu | 7.10 | noarch | mysql-client-5.0 | < 5.0.45-1ubuntu3.1 | UNKNOWN |
Ubuntu | 7.04 | noarch | mysql-server-5.0 | < 5.0.38-0ubuntu1.2 | UNKNOWN |
Ubuntu | 7.04 | noarch | libmysqlclient15-dev | < 5.0.38-0ubuntu1.2 | UNKNOWN |
Ubuntu | 7.04 | noarch | libmysqlclient15off | < 5.0.38-0ubuntu1.2 | UNKNOWN |
Ubuntu | 7.04 | noarch | mysql-client-5.0 | < 5.0.38-0ubuntu1.2 | UNKNOWN |
Ubuntu | 7.04 | noarch | mysql-server-4.1 | < 5.0.38-0ubuntu1.2 | UNKNOWN |
Ubuntu | 6.10 | noarch | mysql-server-5.0 | < 5.0.24a-9ubuntu2.2 | UNKNOWN |