MySQL 'ALTER DATABASE' Remote Denial Of Service Vulnerability Network Vulnerability

Summary

The host is running MySQL and is prone to Denial Of Service vulnerability.

Impact

Successful exploitation could allow an attacker to cause a Denial of Service. Impact Level: Application

Solution

Upgrade to MySQL version 5.1.48 For updates refer to http://dev.mysql.com/downloads

Insight

The flaw is due to an error when processing the 'ALTER DATABASE' statement and can be exploited to corrupt the MySQL data directory using the '#mysql50#' prefix followed by a '.' or '..'. NOTE: Successful exploitation requires 'ALTER' privileges on a database.

Affected

MySQL version priot to 5.1.48 on all running platform.

References

http://bugs.mysql.com/bug.php?id=53804
http://dev.mysql.com/doc/refman/5.1/en/news-5-1-48.html
http://secunia.com/advisories/40333
http://securitytracker.com/alerts/2010/Jun/1024160.html

Updated on 2015-03-25

Severity

Classification

CVE CVE-2010-2008
CVSS Base Score: 3.5
AV:N/AC:M/Au:S/C:N/I:N/A:P

Related Vulnerabilities

PostgreSQL Low Cost Function Information Disclosure Vulnerability
Apache Derby Information Disclosure Vulnerability
IBM solidDB Stored Procedure Call Handling Denial of Service Vulnerability
Oracle MySQL Server Multiple Vulnerability-05 Nov12 (Windows)
MySQL 'ALTER DATABASE' Remote Denial Of Service Vulnerability

Take action and discover your vulnerabilities