Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

MySQL < 5.0.51 RENAME TABLE Symlink System Table Overwrite

Low

Synopsis

The remote database server is susceptible to a local symlink attack.

Description

The version of MySQL installed on the remote host reportedly fails to check whether a file to which a symlink points exists when using RENAME TABLE against a table with explicit DATA DIRECTORY and INDEX DIRECTORY options. A local attacker may be able to leverage this issue to overwrite system table information by replacing the file to which the symlink points.

Solution

Upgrade to version 5.0.51 or higher.