MySQL Authenticated Access Restrictions Bypass Vulnerability Network Vulnerability

Summary

The host is running MySQL and is prone to Access restrictions Bypass Vulnerability

Impact

Successful exploitation could allow users to bypass intended access restrictions by calling CREATE TABLE with DATA DIRECTORY or INDEX DIRECTORY argument referring to a subdirectory. Impact Level: Application

Solution

Upgrade to MySQL version 5.1.41 For updates refer to http://dev.mysql.com/downloads

Insight

The flaw is due to an error while calling CREATE TABLE on a MyISAM table with modified DATA DIRECTORY or INDEX DIRECTORY.

Affected

MySQL 5.1.x before 5.1.41 on all running platform.

References

http://bugs.mysql.com/bug.php?id=32167
http://dev.mysql.com/doc/refman/5.1/en/news-5-1-41.html

Updated on 2015-03-25

Severity

Classification

CVE CVE-2009-4030
CVSS Base Score: 4.4
AV:L/AC:M/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Freefloat FTP Server 'ALLO' Command Remote Buffer Overflow Vulnerability
ClamAV Remote Denial of Service Vulnerability
ejabberd 'mod_pubsub' Module Denial of Service Vulnerability
ejabberd 'client2server' Message Remote Denial of Service Vulnerability
Apache Subversion 'mod_dav_svn' log REPORT Request DoS Vulnerability

Take action and discover your vulnerabilities