icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons_061

MySQL Enterprise Server 5.0 < 5.0.60 MyISAM Table Privilege Check Bypass

Low

Synopsis

The remote database server allows a local user to circumvent privileges.

Description

The version of MySQL Enterprise Server installed on the remote host reportedly allows a local user to circumvent privileges through creation of MyISAM tables using the 'DATA DIRECTORY' and 'INDEX DIRECTORY' options to overwrite existing table files in the application's data directory.

Solution

Upgrade to version 5.0.60 or higher.