MySQL Authenticated Access Restrictions Bypass Vulnerability Network Vulnerability

Summary

The host is running MySQL and is prone to Access restrictions Bypass Vulnerability

Impact

Successful exploitation could allow users to bypass intended access restrictions by calling CREATE TABLE with DATA DIRECTORY or INDEX DIRECTORY argument referring to a subdirectory. Impact Level: Application

Solution

Upgrade to MySQL version 5.1.41 For updates refer to http://dev.mysql.com/downloads

Insight

The flaw is due to an error while calling CREATE TABLE on a MyISAM table with modified DATA DIRECTORY or INDEX DIRECTORY.

Affected

MySQL 5.1.x before 5.1.41 on all running platform.

References

http://bugs.mysql.com/bug.php?id=32167
http://dev.mysql.com/doc/refman/5.1/en/news-5-1-41.html

Updated on 2015-03-25

Severity

Classification

CVE CVE-2009-4030

CVSS	Base Score: 4.4 AV:L/AC:M/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Ciscokits TFTP Server Long Filename Denial Of Service Vulnerability
Apache Traffic Server HTTP Host Header Denial of Service Vulnerability
CUPS 'scheduler/select.c' Denial Of Service Vulnerability
Apple Safari Nested 'object' Tag Remote Denial Of Service vulnerability
ArGoSoft FTP Server XCWD Overflow

Take action and discover your vulnerabilities