fkie_nvd - fkie_cve-2007-6313

fkie_cve-2007-6313

Vulnerability from fkie_nvd

Published

2008-02-18 23:00

Modified

2025-04-09 00:30

Severity ?

Summary

MySQL Server 5.1.x before 5.1.23 and 6.0.x before 6.0.4 does not check the rights of the entity executing BINLOG, which allows remote authorized users to execute arbitrary BINLOG statements.

References

▶	URL	Tags
	cve@mitre.org	http://bugs.mysql.com/31611
	cve@mitre.org	http://dev.mysql.com/doc/refman/5.1/en/news-5-1-23.html
	cve@mitre.org	http://osvdb.org/43179
	cve@mitre.org	http://www.securitytracker.com/id?1019083
	cve@mitre.org	http://www.vupen.com/english/advisories/2008/0560/references
	af854a3a-2127-422b-91ae-364da2661108	http://bugs.mysql.com/31611
	af854a3a-2127-422b-91ae-364da2661108	http://dev.mysql.com/doc/refman/5.1/en/news-5-1-23.html
	af854a3a-2127-422b-91ae-364da2661108	http://osvdb.org/43179
	af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id?1019083
	af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2008/0560/references

Impacted products

Vendor	Product	Version
mysql	mysql_community_server	5.1.1
mysql	mysql_community_server	5.1.2
mysql	mysql_community_server	5.1.3
mysql	mysql_community_server	5.1.4
mysql	mysql_community_server	5.1.5
mysql	mysql_community_server	5.1.6
mysql	mysql_community_server	5.1.7
mysql	mysql_community_server	5.1.8
mysql	mysql_community_server	5.1.9
mysql	mysql_community_server	5.1.10
mysql	mysql_community_server	5.1.11
mysql	mysql_community_server	5.1.12
mysql	mysql_community_server	5.1.13
mysql	mysql_community_server	5.1.14
mysql	mysql_community_server	5.1.15
mysql	mysql_community_server	5.1.16
mysql	mysql_community_server	5.1.17
mysql	mysql_community_server	5.1.18
mysql	mysql_community_server	5.1.19
mysql	mysql_community_server	5.1.20
mysql	mysql_community_server	5.1.21
mysql	mysql_community_server	5.1.22
mysql	mysql_community_server	6.0.0
mysql	mysql_community_server	6.0.1
mysql	mysql_community_server	6.0.2
mysql	mysql_community_server	6.0.3

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mysql:mysql_community_server:5.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "78D57F50-6907-4F3A-B6C8-A7F96191E57C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mysql:mysql_community_server:5.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "2AA549DB-8870-41C2-881A-018C1FA66A9E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mysql:mysql_community_server:5.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "85C4F943-4457-43CB-BCD4-89A593446877",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mysql:mysql_community_server:5.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "1F9345D2-DFFC-4932-B967-996363D5556F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mysql:mysql_community_server:5.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "A950B554-660F-474E-A0E0-55EAE4CF0ECC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mysql:mysql_community_server:5.1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "0E77E350-47C9-4286-8B2E-2021974F2AE4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mysql:mysql_community_server:5.1.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "BB79AEDA-C256-4B5C-953F-5C8BFFF80612",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mysql:mysql_community_server:5.1.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "2D6F573E-B1E5-4AB3-BEA7-130EF8AD51C7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mysql:mysql_community_server:5.1.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "62D4CC90-D892-4E1D-A6D7-9A50FAF9466C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mysql:mysql_community_server:5.1.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "D211EF2D-AF05-441E-8C6C-7F3CB4AFC417",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mysql:mysql_community_server:5.1.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "2A79BEFA-B205-4C94-9575-EB970823B935",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mysql:mysql_community_server:5.1.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "16939E17-0791-4B50-A6E1-4A2FF3C02109",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mysql:mysql_community_server:5.1.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "0D39E098-FBFC-42EC-835B-AB487807D176",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mysql:mysql_community_server:5.1.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "902F6029-CB42-4A3B-9D9B-4F5134871685",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mysql:mysql_community_server:5.1.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "7428EF7D-3ECA-4C54-A945-AD03CA3EEA49",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mysql:mysql_community_server:5.1.16:*:*:*:*:*:*:*",
              "matchCriteriaId": "798A89AA-4CD7-4402-9B14-B45970022C1A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mysql:mysql_community_server:5.1.17:*:*:*:*:*:*:*",
              "matchCriteriaId": "879DEFCF-B345-41ED-8A2E-531FBD7A2FEC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mysql:mysql_community_server:5.1.18:*:*:*:*:*:*:*",
              "matchCriteriaId": "8313D34E-CE00-4B0B-B30F-9E2591BD515A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mysql:mysql_community_server:5.1.19:*:*:*:*:*:*:*",
              "matchCriteriaId": "E0E05202-0E64-4698-970A-DCF665E0E9A5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mysql:mysql_community_server:5.1.20:*:*:*:*:*:*:*",
              "matchCriteriaId": "4C85219E-C93F-4DCC-9507-AD6B00CAD687",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mysql:mysql_community_server:5.1.21:*:*:*:*:*:*:*",
              "matchCriteriaId": "DC835BFC-8AE7-4A01-99C1-C7EFDBFA8A16",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mysql:mysql_community_server:5.1.22:*:*:*:*:*:*:*",
              "matchCriteriaId": "0A022751-FE6D-4C5D-AB02-22C44D7E6B1A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mysql:mysql_community_server:6.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "AC3405E4-CFB2-4C28-A064-C5DF930D7265",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mysql:mysql_community_server:6.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "6F7C8380-7E23-4434-B23E-1885E45D6FFD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mysql:mysql_community_server:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "8E82B78B-BA41-4054-8ABC-6B11FD550C2D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mysql:mysql_community_server:6.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "682DC73C-2EEC-4939-9BF8-2F9C238374F7",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "MySQL Server 5.1.x before 5.1.23 and 6.0.x before 6.0.4 does not check the rights of the entity executing BINLOG, which allows remote authorized users to execute arbitrary BINLOG statements."
    },
    {
      "lang": "es",
      "value": "MySQL Server 5.1.x antes de 5.1.23 y 6.0.x antes de 6.0.4 no comprueba los privilegios de entidad ejecutando BINLOG, lo que permite a usuarios autorizados remotamente ejecutar sentencias BINLOG de su elecci\u00f3n."
    }
  ],
  "id": "CVE-2007-6313",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2008-02-18T23:00:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://bugs.mysql.com/31611"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://dev.mysql.com/doc/refman/5.1/en/news-5-1-23.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://osvdb.org/43179"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securitytracker.com/id?1019083"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2008/0560/references"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://bugs.mysql.com/31611"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://dev.mysql.com/doc/refman/5.1/en/news-5-1-23.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/43179"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1019083"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2008/0560/references"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vendorComments": [
    {
      "comment": "Not vulnerable. This issue did not affect the versions of MySQL as shipped with Red Hat Enterprise Linux 2.1, 3, 4, or 5.",
      "lastModified": "2008-02-20T00:00:00",
      "organization": "Red Hat"
    }
  ],
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-264"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CVE-2007-6313 (GCVE-0-2007-6313)

Vulnerability from cvelistv5

Published

2008-02-18 22:00