CERTA-2007-AVI-541

Vulnerability from certfr_avis - Published: - Updated:

Une vulnérabilité permettant la manipulation de données, dont les tables système, affecte MySQL.

Description

Une vulnérabilité dans MySQL permet à un utilisateur malveillant de manipuler localement certaines données de la base. Elle survient lors du renommage de tables ayant certaines caractéristiques, et permet de remplacer ces tables par des liens symboliques pointant sur des structures controlées par l'attaquant.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None
Impacted products
Vendor Product Description
Oracle MySQL Les versions de MySQL antérieures à la 5.0.51.
References

Show details on source website
To clipboard 

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Les versions de MySQL ant\u00e9rieures \u00e0 la 5.0.51.",
      "product": {
        "name": "MySQL",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nUne vuln\u00e9rabilit\u00e9 dans MySQL permet \u00e0 un utilisateur malveillant de\nmanipuler localement certaines donn\u00e9es de la base. Elle survient lors du\nrenommage de tables ayant certaines caract\u00e9ristiques, et permet de\nremplacer ces tables par des liens symboliques pointant sur des\nstructures control\u00e9es par l\u0027attaquant.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2007-5969",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-5969"
    }
  ],
  "links": [
    {
      "title": "Bulletin de mise \u00e0 jour Mysql 5.0.51 du 15 novembre 2007 :",
      "url": "http://dev.mysql.com/doc/refman/5.0/en/releasenotes-cs-5-0-51.html"
    },
    {
      "title": "Alerte de Secunia num\u00e9ro 27981 du 10 d\u00e9cembre 2007 :",
      "url": "http://secunia.com/advisories/27981/"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Mandriva MDKSA-2007:243 du 10 d\u00e9cembre    2007 :",
      "url": "http://www.mandriva.com/archives/security/advisories"
    }
  ],
  "reference": "CERTA-2007-AVI-541",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2007-12-12T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 permettant la manipulation de donn\u00e9es, dont les tables\nsyst\u00e8me, affecte MySQL.\n",
  "title": "Vuln\u00e9rabilit\u00e9 dans MySQL",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de mise \u00e0 jour MySQL 5.0.51 du 15 novembre 2007",
      "url": null
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.