Summary
The host is running MySQL and is prone to Access Restrictions Bypass Vulnerability
Impact
Successful exploitation could allow users to bypass intended access restrictions by calling CREATE TABLE with DATA DIRECTORY or INDEX DIRECTORY argument referring to a subdirectory.
Impact Level: Application
Solution
Upgrade to MySQL version 5.0.88 or 5.1.41 or 6.0.9-alpha For updates refer to http://dev.mysql.com/downloads
Insight
The flaw is due to an error in 'sql/sql_table.cc', when the data home directory contains a symlink to a different filesystem.
Affected
MySQL 5.0.x before 5.0.88, 5.1.x before 5.1.41, 6.0 before 6.0.9-alpha
References
Severity
Classification
-
CVE CVE-2008-7247 -
CVSS Base Score: 6.0
AV:N/AC:M/Au:S/C:P/I:P/A:P
Related Vulnerabilities
- FreeType Memory Corruption and Buffer Overflow Vulnerabilities (Windows)
- Apple Safari Malformed URI Remote DoS Vulnerability (Win)
- Apache APR-util 'buckets/apr_brigade.c' Denial Of Service Vulnerability
- freeSSHd Pre-Authentication Error Remote DoS Vulnerability
- Firefox 'nsObserverList::FillObserverArray' DOS Vulnerability (Win)