CVE-2010-2008


Description

MySQL before 5.1.48 allows remote authenticated users with alter database privileges to cause a denial of service (server crash and database loss) via an ALTER DATABASE command with a #mysql50# string followed by a . (dot), .. (dot dot), ../ (dot dot slash) or similar sequence, and an UPGRADE DATA DIRECTORY NAME command, which causes MySQL to move certain directories to the server data directory.

References

http://bugs.mysql.com/bug.php?id=53804

http://dev.mysql.com/doc/refman/5.1/en/news-5-1-48.html

http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044546.html

http://secunia.com/advisories/40333

http://secunia.com/advisories/40762

http://www.mandriva.com/security/advisories?name=MDVSA-2010:155

http://www.securityfocus.com/bid/41198

http://www.securitytracker.com/id?1024160

http://www.ubuntu.com/usn/USN-1017-1

http://www.ubuntu.com/usn/USN-1397-1

http://www.vupen.com/english/advisories/2010/1918

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11869

Details

Source: MITRE

Published: 2010-07-13

Updated: 2020-11-09

Type: CWE-77

Risk Information

CVSS v2

Base Score: 3.5

Vector: AV:N/AC:M/Au:S/C:N/I:N/A:P

Impact Score: 2.9

Exploitability Score: 6.8

Severity: LOW

Tenable Plugins


| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 58325 | Ubuntu 8.04 LTS / 10.04 LTS / 10.10 / 11.04 / 11.10 : mysql-5.1, mysql-dfsg-5.0, mysql-dfsg-5.1 vulnerabilities (USN-1397-1) | Nessus | Ubuntu Local Security Checks | high |
| 57446 | GLSA-201201-02 : MySQL: Multiple vulnerabilities | Nessus | Gentoo Local Security Checks | high |
| 50573 | Ubuntu 6.06 LTS / 8.04 LTS / 9.10 / 10.04 LTS / 10.10 : mysql-5.1, mysql-dfsg-5.0, mysql-dfsg-5.1 vulnerabilities (USN-1017-1) | Nessus | Ubuntu Local Security Checks | medium |
| 50016 | openSUSE Security Update : libmysqlclient-devel (openSUSE-SU-2010:0730-1) | Nessus | SuSE Local Security Checks | medium |
| 48399 | Mandriva Linux Security Advisory : mysql (MDVSA-2010:155-1) | Nessus | Mandriva Local Security Checks | medium |
| 48226 | Fedora 12 : mysql-5.1.47-2.fc12 (2010-11126) | Nessus | Fedora Local Security Checks | low |
| 47840 | Fedora 13 : mysql-5.1.48-2.fc13 (2010-11135) | Nessus | Fedora Local Security Checks | low |
| 801120 | MySQL Community Server 5.1 < 5.1.48 Denial of Service Vulnerability | Log Correlation Engine | Database | high |
| 5588 | MySQL Community Server 5.1 < 5.1.48 Denial of Service Vulnerability | Nessus Network Monitor | Database | medium |
| 47158 | MySQL Community Server < 5.1.48 Denial of Service | Nessus | Databases | low |