4 - CVE-2007-3781

Executive Summary

Informations
Name	CVE-2007-3781	First vendor Publication	2007-07-15
Vendor	Cve	Last vendor Modification	2018-10-15

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score	NA
Base Score	NA	Environmental Score	NA
impact SubScore	NA	Temporal Score	NA
Exploitabality Sub Score	NA

Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:S/C:P/I:N/A:N)
Cvss Base Score	4	Attack Range	Network
Cvss Impact Score	2.9	Attack Complexity	Low
Cvss Expoit Score	8	Authentication	Requires single instance
Calculate full CVSS 2.0 Vectors scores

Detail

MySQL Community Server before 5.0.45 does not require privileges such as SELECT for the source table in a CREATE TABLE LIKE statement, which allows remote authenticated users to obtain sensitive information such as the table structure.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3781

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:17493

Oval ID:	oval:org.mitre.oval:def:17493
Title:	USN-559-1 -- mysql-dfsg-5.0 vulnerabilities
Description:	Joe Gallo and Artem Russakovskii discovered that the InnoDB engine in MySQL did not properly perform input validation.
Family:	unix	Class:	patch
Reference(s):	USN-559-1 CVE-2007-5925 CVE-2007-5969 CVE-2007-6304 CVE-2007-3781	Version:	7
Platform(s):	Ubuntu 6.06 Ubuntu 6.10 Ubuntu 7.04 Ubuntu 7.10	Product(s):	mysql-dfsg-5.0
Definition Synopsis:
Release section Ubuntu 6.06 is installed AND mysql-server-5.0 DPKG is earlier than 5.0.22-0ubuntu6.06.6 AND Release section Ubuntu 6.10 is installed AND mysql-server-5.0 DPKG is earlier than 5.0.24a-9ubuntu2.2 AND Release section Ubuntu 7.04 is installed AND mysql-server-5.0 DPKG is earlier than 5.0.38-0ubuntu1.2 AND Release section Ubuntu 7.10 is installed AND mysql-server-5.0 DPKG is earlier than 5.0.45-1ubuntu3.1

Definition Id: oval:org.mitre.oval:def:9195

Oval ID:	oval:org.mitre.oval:def:9195
Title:	MySQL Community Server before 5.0.45 does not require privileges such as SELECT for the source table in a CREATE TABLE LIKE statement, which allows remote authenticated users to obtain sensitive information such as the table structure.
Description:	MySQL Community Server before 5.0.45 does not require privileges such as SELECT for the source table in a CREATE TABLE LIKE statement, which allows remote authenticated users to obtain sensitive information such as the table structure.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2007-3781	Version:	5
Platform(s):	Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5	Product(s):
Definition Synopsis:
RHEL5, CentOS5 or Oracle Linux 5 The operating system installed on the system is Red Hat Enterprise Linux 5 AND CentOS Linux 5.x AND Oracle Linux 5.x AND Configuration section mysql is earlier than 0:5.0.45-7.el5 AND mysql-devel is earlier than 0:5.0.45-7.el5 AND mysql-test is earlier than 0:5.0.45-7.el5 AND mysql-bench is earlier than 0:5.0.45-7.el5 AND mysql-server is earlier than 0:5.0.45-7.el5

CPE : Common Platform Enumeration

Type	Description	Count
Application	Mysql Community Server cpe:2.3:a:mysql:community_server:5.0.44:::::::* cpe:2.3:a:mysql:community_server:5.0.41:::::::*	2

OpenVAS Exploits

Date	Description
2009-04-09	Name : Mandriva Update for MySQL MDKSA-2007:243 (MySQL) File : nvt/gb_mandriva_MDKSA_2007_243.nasl
2009-03-23	Name : Ubuntu Update for mysql-dfsg-5.0 vulnerabilities USN-559-1 File : nvt/gb_ubuntu_USN_559_1.nasl
2009-03-06	Name : RedHat Update for mysql RHSA-2008:0364-01 File : nvt/gb_RHSA-2008_0364-01_mysql.nasl
2008-09-24	Name : Gentoo Security Advisory GLSA 200708-10 (mysql) File : nvt/glsa_200708_10.nasl
2008-01-17	Name : Debian Security Advisory DSA 1451-1 (mysql-dfsg-5.0) File : nvt/deb_1451_1.nasl
0000-00-00	Name : Slackware Advisory SSA:2007-348-01 mysql File : nvt/esoft_slk_ssa_2007_348_01.nasl

Open Source Vulnerability Database (OSVDB)

Id	Description
37783	MySQL Community Server CREATE TABLE LIKE Table Structure Disclosure

Nessus® Vulnerability Scanner

Date	Description
2012-08-01	Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20080521_mysql_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2008-05-22	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2008-0364.nasl - Type : ACT_GATHER_INFO
2008-01-07	Name : The remote Debian host is missing a security-related update. File : debian_DSA-1451.nasl - Type : ACT_GATHER_INFO
2007-12-24	Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-559-1.nasl - Type : ACT_GATHER_INFO
2007-12-17	Name : The remote Slackware host is missing a security update. File : Slackware_SSA_2007-348-01.nasl - Type : ACT_GATHER_INFO
2007-12-13	Name : The remote SuSE 10 host is missing a security-related patch. File : suse_mysql-4376.nasl - Type : ACT_GATHER_INFO
2007-12-11	Name : The remote Mandrake Linux host is missing one or more security updates. File : mandrake_MDKSA-2007-243.nasl - Type : ACT_GATHER_INFO
2007-10-17	Name : The remote openSUSE host is missing a security update. File : suse_mysql-4375.nasl - Type : ACT_GATHER_INFO
2007-08-21	Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200708-10.nasl - Type : ACT_GATHER_INFO
2007-07-25	Name : The remote database server is susceptible to multiple attacks. File : mysql_5_0_45.nasl - Type : ACT_GATHER_INFO

Sources (Detail)

Source	Url
BID	http://www.securityfocus.com/bid/25017
BUGTRAQ	http://www.securityfocus.com/archive/1/473874/100/0/threaded
CONFIRM	http://dev.mysql.com/doc/refman/5.0/en/releasenotes-cs-5-0-45.html https://issues.rpath.com/browse/RPL-1536
DEBIAN	http://www.debian.org/security/2008/dsa-1451
GENTOO	http://security.gentoo.org/glsa/glsa-200708-10.xml
MANDRIVA	http://www.mandriva.com/security/advisories?name=MDKSA-2007:243
MISC	http://bugs.mysql.com/bug.php?id=25578
MLIST	http://lists.mysql.com/announce/470
OSVDB	http://osvdb.org/37783
OVAL	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.ova...
REDHAT	http://www.redhat.com/support/errata/RHSA-2007-0894.html http://www.redhat.com/support/errata/RHSA-2008-0364.html
SECUNIA	http://secunia.com/advisories/25301 http://secunia.com/advisories/26073 http://secunia.com/advisories/26430 http://secunia.com/advisories/26498 http://secunia.com/advisories/26987 http://secunia.com/advisories/28040 http://secunia.com/advisories/28108 http://secunia.com/advisories/28128 http://secunia.com/advisories/28343 http://secunia.com/advisories/30351
SLACKWARE	http://slackware.com/security/viewer.php?l=slackware-security&y=2007&...
UBUNTU	https://usn.ubuntu.com/559-1/

Alert History

If you want to see full details history, please login or register.

Date	Informations
2021-05-04 12:06:07	Multiple Updates
2021-04-22 01:06:40	Multiple Updates
2020-05-23 00:20:07	Multiple Updates
2018-10-16 00:19:10	Multiple Updates
2018-10-04 00:19:29	Multiple Updates
2017-09-29 09:23:08	Multiple Updates
2016-06-28 16:44:50	Multiple Updates
2016-04-26 16:22:23	Multiple Updates
2014-02-17 10:40:54	Multiple Updates
2013-05-11 10:31:28	Multiple Updates

Global Informations

Type	Count
Oval ID(s)	2
CPE ID(s)	2
Sources(s)	25
osvdb(s)	1
Openvas Exploit(s)	6
Nessus® Exploit(s)	10

	Related
7.1	USN-559-1
7.1	MDKSA-2007:243
7.1	DSA-1451
6.5	RHSA-2008:0364
6	RHSA-2007:0894
5	GLSA-200708-10
Info : listing not affected by your CVSS Env Score

Same Subject	Severity
Login to view 6 more Alert(s)

4 - CVE-2007-3781

Executive Summary

Security-Database Scoring CVSS v3

Security-Database Scoring CVSS v2

Detail

Original Source

OVAL Definitions

CPE : Common Platform Enumeration

OpenVAS Exploits

Open Source Vulnerability Database (OSVDB)

Nessus® Vulnerability Scanner

Sources (Detail)

Alert History

Global Informations

Open Standards

Other Databases

COMPANY

STANDARDS

RECENT POSTS

MENU