CVE-2010-1626

low
New! CVE Severity Now Using CVSS v3

The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Description

MySQL before 5.1.46 allows local users to delete the data and index files of another user's MyISAM table via a symlink attack in conjunction with the DROP TABLE command, a different vulnerability than CVE-2008-4098 and CVE-2008-7247.

References

http://bugs.mysql.com/bug.php?id=40980

http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html

http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00005.html

http://securitytracker.com/id?1024004

http://www.mandriva.com/security/advisories?name=MDVSA-2010:101

http://www.openwall.com/lists/oss-security/2010/05/10/2

http://www.openwall.com/lists/oss-security/2010/05/18/4

http://www.redhat.com/support/errata/RHSA-2010-0442.html

http://www.securityfocus.com/bid/40257

http://www.ubuntu.com/usn/USN-1397-1

http://www.vupen.com/english/advisories/2010/1194

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9490

Details

Source: MITRE

Published: 2010-05-21

Updated: 2019-12-17

Type: CWE-264

Risk Information

CVSS v2

Base Score: 3.6

Vector: AV:L/AC:L/Au:N/C:N/I:P/A:P

Impact Score: 4.9

Exploitability Score: 3.9

Severity: LOW

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:mysql:mysql:5.0.5.0.21:*:*:*:*:*:*:*

cpe:2.3:a:mysql:mysql:5.0.15:*:*:*:*:*:*:*

cpe:2.3:a:mysql:mysql:5.0.16:*:*:*:*:*:*:*

cpe:2.3:a:mysql:mysql:5.0.17:*:*:*:*:*:*:*

cpe:2.3:a:mysql:mysql:5.0.20:*:*:*:*:*:*:*

cpe:2.3:a:mysql:mysql:5.0.24:*:*:*:*:*:*:*

cpe:2.3:a:mysql:mysql:5.0.45b:*:*:*:*:*:*:*

cpe:2.3:a:mysql:mysql:5.0.82:*:*:*:*:*:*:*

cpe:2.3:a:mysql:mysql:5.0.84:*:*:*:*:*:*:*

cpe:2.3:a:mysql:mysql:5.0.87:*:*:*:*:*:*:*

cpe:2.3:a:mysql:mysql:5.1.5:*:*:*:*:*:*:*

cpe:2.3:a:mysql:mysql:5.1.23:*:*:*:*:*:*:*

cpe:2.3:a:mysql:mysql:5.1.31:*:*:*:*:*:*:*

cpe:2.3:a:mysql:mysql:5.1.32:*:*:*:*:*:*:*

cpe:2.3:a:mysql:mysql:5.1.34:*:*:*:*:*:*:*

cpe:2.3:a:mysql:mysql:5.1.37:*:*:*:*:*:*:*

cpe:2.3:a:mysql:mysql:*:*:*:*:*:*:*:* versions up to 5.1.45 (inclusive)

cpe:2.3:a:oracle:mysql:5.0.18:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.0.19:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.0.21:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.0.22:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.0.23:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.0.27:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.0.33:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.0.37:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.0.41:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.0.45:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.0.51:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.0.67:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.0.75:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.0.77:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.0.81:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.0.83:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.0.85:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.0.86:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.0.88:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.0.89:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.0.90:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.0.91:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.1.30:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.1.33:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.1.35:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.1.36:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.1.38:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.1.39:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.1.40:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.1.41:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.1.42:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.1.43:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.1.44:*:*:*:*:*:*:*

Tenable Plugins

View all (20 total)

IDNameProductFamilySeverity
80705Oracle Solaris Third-Party Patch Update : mysql (multiple_vulnerabilities_in_mysql)NessusSolaris Local Security Checks
medium
68046Oracle Linux 5 : mysql (ELSA-2010-0442)NessusOracle Linux Local Security Checks
medium
60796Scientific Linux Security Update : mysql on SL5.x i386/x86_64NessusScientific Linux Local Security Checks
medium
58325Ubuntu 8.04 LTS / 10.04 LTS / 10.10 / 11.04 / 11.10 : mysql-5.1, mysql-dfsg-5.0, mysql-dfsg-5.1 vulnerabilities (USN-1397-1)NessusUbuntu Local Security Checks
high
57446GLSA-201201-02 : MySQL: Multiple vulnerabilitiesNessusGentoo Local Security Checks
high
50936SuSE 11 / 11.1 Security Update : MySQL (SAT Patch Numbers 3220 / 3243)NessusSuSE Local Security Checks
medium
50523SuSE9 Security Update : MySQL (YOU Patch Number 12661)NessusSuSE Local Security Checks
medium
50021SuSE 10 Security Update : MySQL (ZYPP Patch Number 7172)NessusSuSE Local Security Checks
medium
50016openSUSE Security Update : libmysqlclient-devel (openSUSE-SU-2010:0730-1)NessusSuSE Local Security Checks
medium
50010openSUSE Security Update : libmysqlclient-devel (openSUSE-SU-2010:0731-1)NessusSuSE Local Security Checks
medium
46855Ubuntu 6.06 LTS / 8.04 LTS / 9.04 / 9.10 / 10.04 LTS : mysql-dfsg-5.0, mysql-dfsg-5.1 vulnerabilities (USN-950-1)NessusUbuntu Local Security Checks
medium
46832Debian DSA-2057-1 : mysql-dfsg-5.0 - several vulnerabilitiesNessusDebian Local Security Checks
medium
46763CentOS 5 : mysql (CESA-2010:0442)NessusCentOS Local Security Checks
medium
46735RHEL 5 : mysql (RHSA-2010:0442)NessusRed Hat Local Security Checks
medium
46679Mandriva Linux Security Advisory : mysql (MDVSA-2010:101)NessusMandriva Local Security Checks
low
801159MySQL Community Server 5.1 < 5.1.46 Multiple VulnerabilitiesLog Correlation EngineDatabase
low
801159MySQL Community Server 5.1 < 5.1.46 Multiple VulnerabilitiesLog Correlation EngineDatabase
low
5547MySQL Community Server 5.1 < 5.1.46 Multiple VulnerabilitiesNessus Network MonitorDatabase
medium
5547MySQL Community Server 5.1 < 5.1.46 Multiple VulnerabilitiesNessus Network MonitorDatabase
medium
46328MySQL Community Server 5.1 < 5.1.46 Multiple VulnerabilitiesNessusDatabases
low