CVE-2007-3781 in Ubuntu

CVE-2007-3781

Priority

Low

Description

MySQL Community Server before 5.0.45 does not require privileges such as
SELECT for the source table in a CREATE TABLE LIKE statement, which allows
remote authenticated users to obtain sensitive information such as the
table structure.

References

http://bugs.mysql.com/bug.php?id=25578
http://www.mandriva.com/en/security/advisories?name=MDKSA-2007:243
http://www.ubuntu.com/usn/usn-559-1
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3781

Bugs

https://bugs.launchpad.net/ubuntu/+source/mysql-dfsg-5.1/+bug/172260

Notes

jdstrand> very invasive patch. Discussed one-time MicroVersionUpdate with
pitti-- too many changes to warrant the update.
jdstrand> apparently Mandriva found a patch for this going back to 5.0.24

Package

Source: mysql-dfsg-5.0 (LP Ubuntu Debian)

Upstream:	released (5.0.45)
Ubuntu 8.04 LTS (Hardy Heron):	released (5.0.45-1ubuntu2)

More Information

Mitre
NVD
Launchpad
Debian

Updated: 2012-06-01 15:18:04 UTC (commit 5347)