CVE-2007-5969 (Medium) :
MySQL Community Server before 5.0.51, when a table relies on symlinks created through explicit
DATA DIRECTORY and INDEX DIRECTORY options, allows remote authenticated users to overwrite
system table information and gain privileges via a RENAME TABLE statement that changes the
symlink to point to an existing file.
CVE-2007-6303 (Low) :
MySQL 5.0.x before 5.0.51a, 5.1.x before 5.1.23, and 6.0.x before 6.0.4 does not update the
DEFINER value of a view when the view is altered, which allows remote authenticated users to
gain privileges via a sequence of statements including a CREATE SQL SECURITY DEFINER VIEW
statement and an ALTER VIEW statement.
CVE-2007-6304 (Medium) :
The federated engine in MySQL 5.0.x before 5.0.51a, 5.1.x before 5.1.23, and 6.0.x before 6.0.4,
when performing a certain SHOW TABLE STATUS query, allows remote MySQL servers to cause a
denial of service (federated handler crash and daemon crash) via a response that lacks the
minimum required number of columns.
Aldas Nabazas
Alejandro Mery
Christian Wiese