MySQL 'ALTER DATABASE' Remote Denial Of Service Vulnerability Network Vulnerability

Summary

The host is running MySQL and is prone to Denial Of Service vulnerability.

Impact

Successful exploitation could allow an attacker to cause a Denial of Service. Impact Level: Application

Solution

Upgrade to MySQL version 5.1.48 For updates refer to http://dev.mysql.com/downloads

Insight

The flaw is due to an error when processing the 'ALTER DATABASE' statement and can be exploited to corrupt the MySQL data directory using the '#mysql50#' prefix followed by a '.' or '..'. NOTE: Successful exploitation requires 'ALTER' privileges on a database.

Affected

MySQL version priot to 5.1.48 on all running platform.

References

http://bugs.mysql.com/bug.php?id=53804
http://dev.mysql.com/doc/refman/5.1/en/news-5-1-48.html
http://secunia.com/advisories/40333
http://securitytracker.com/alerts/2010/Jun/1024160.html

Updated on 2015-03-25

Severity

Classification

CVE CVE-2010-2008

CVSS	Base Score: 3.5 AV:N/AC:M/Au:S/C:N/I:N/A:P

Related Vulnerabilities

Apache Derby Information Disclosure Vulnerability
Database Open Access Vulnerability
PostgreSQL Low Cost Function Information Disclosure Vulnerability
MySQL 'ALTER DATABASE' Remote Denial Of Service Vulnerability
IBM DB2 XML Feature Information Disclosure Vulnerability

Take action and discover your vulnerabilities