MySQL Authenticated Access Restrictions Bypass Vulnerability (Linux) Network Vulnerability

Summary

The host is running MySQL and is prone to Access Restrictions Bypass Vulnerability

Impact

Successful exploitation could allow users to bypass intended access restrictions by calling CREATE TABLE with DATA DIRECTORY or INDEX DIRECTORY argument referring to a subdirectory. Impact Level: Application

Solution

Upgrade to MySQL version 5.0.88 or 5.1.41 or 6.0.9-alpha For updates refer to http://dev.mysql.com/downloads

Insight

The flaw is due to an error in 'sql/sql_table.cc', when the data home directory contains a symlink to a different filesystem.

Affected

MySQL 5.0.x before 5.0.88, 5.1.x before 5.1.41, 6.0 before 6.0.9-alpha

References

http://bugs.mysql.com/bug.php?id=39277
http://lists.mysql.com/commits/59711
http://marc.info/?l=oss-security&m=125908040022018&w=2

Updated on 2015-03-25

Severity

Classification

CVE CVE-2008-7247
CVSS Base Score: 6.0
AV:N/AC:M/Au:S/C:P/I:P/A:P

Related Vulnerabilities

Comodo Internet Security Denial of Service Vulnerability-03
Dell OpenManage Web Server <= 3.7.1
Crash SMC AP
AyeView GIF Image Handling Denial of Service Vulnerability
Adobe Reader 'AcroPDF.DLL' Denial of Service Vulnerability (Linux)

Take action and discover your vulnerabilities