OpenCVE

MySQL before 5.1.48 allows remote authenticated users with alter database privileges to cause a denial of service (server crash and database loss) via an ALTER DATABASE command with a #mysql50# string followed by a . (dot), .. (dot dot), ../ (dot dot slash) or similar sequence, and an UPGRADE DATA DIRECTORY NAME command, which causes MySQL to move certain directories to the server data directory.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication Single

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

AV:N/AC:M/Au:S/C:N/I:N/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Canonical	Ubuntu Linux
Fedoraproject	Fedora
Oracle	Mysql

Configuration 1 [-]

cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*

Configuration 2 [-]

OR	cpe:2.3:o:canonical:ubuntu_linux:6.06:::::::*
	cpe:2.3:o:canonical:ubuntu_linux:8.04::::-:::
	cpe:2.3:o:canonical:ubuntu_linux:9.10:::::::*
	cpe:2.3:o:canonical:ubuntu_linux:10.04::::-:::
	cpe:2.3:o:canonical:ubuntu_linux:10.10:::::::*
	cpe:2.3:o:canonical:ubuntu_linux:11.04:::::::*
	cpe:2.3:o:canonical:ubuntu_linux:11.10:::::::*

Configuration 3 [-]

cpe:2.3:o:fedoraproject:fedora:13:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://bugs.mysql.com/bug.php?id=53804
http://dev.mysql.com/doc/refman/5.1/en/news-5-1-48.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044546.html
http://secunia.com/advisories/40333
http://secunia.com/advisories/40762
http://www.mandriva.com/security/advisories?name=MDVSA-2010:155
http://www.securityfocus.com/bid/41198
http://www.securitytracker.com/id?1024160
http://www.ubuntu.com/usn/USN-1017-1
http://www.ubuntu.com/usn/USN-1397-1
http://www.vupen.com/english/advisories/2010/1918
https://nvd.nist.gov/vuln/detail/CVE-2010-2008
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11869
https://www.cve.org/CVERecord?id=CVE-2010-2008

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2010-07-13T20:00:00

Updated: 2024-08-07T02:17:13.292Z

Reserved: 2010-05-21T00:00:00

Link: CVE-2010-2008

Vulnrichment

No data.

NVD

Status : Modified

Published: 2010-07-13T20:30:01.593

Modified: 2024-11-21T01:15:41.803

Link: CVE-2010-2008

Redhat

Severity : Moderate

Publid Date: 2010-07-06T00:00:00Z

Links: CVE-2010-2008 - Bugzilla

Metrics

Access Vector Network

Access Complexity Medium

Authentication Single

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

Affected Vendors & Products

Metrics

Access Vector Network

Access Complexity Medium

Authentication Single

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object