MySQL Authenticated Access Restrictions Bypass Vulnerability (Linux) Network Vulnerability

Summary

The host is running MySQL and is prone to Access Restrictions Bypass Vulnerability

Impact

Successful exploitation could allow users to bypass intended access restrictions by calling CREATE TABLE with DATA DIRECTORY or INDEX DIRECTORY argument referring to a subdirectory. Impact Level: Application

Solution

Upgrade to MySQL version 5.0.88 or 5.1.41 or 6.0.9-alpha For updates refer to http://dev.mysql.com/downloads

Insight

The flaw is due to an error in 'sql/sql_table.cc', when the data home directory contains a symlink to a different filesystem.

Affected

MySQL 5.0.x before 5.0.88, 5.1.x before 5.1.41, 6.0 before 6.0.9-alpha

References

http://bugs.mysql.com/bug.php?id=39277
http://lists.mysql.com/commits/59711
http://marc.info/?l=oss-security&m=125908040022018&w=2

Updated on 2015-03-25

Severity

Classification

CVE CVE-2008-7247

CVSS	Base Score: 6.0 AV:N/AC:M/Au:S/C:P/I:P/A:P

Related Vulnerabilities

Denial of Service (DoS) in Microsoft SMS Client
Adobe Flash Media Server Remote Denial of Service Vulnerability (August-2011)
Comodo Internet Security Denial of Service Vulnerability-02
Comodo Internet Security Denial of Service Vulnerability-03
Firefox XUL Parsing Denial of Service Vulnerability (Linux)

Take action and discover your vulnerabilities