Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-7247

Overview

Vulnerability Score 6.0 6.0
CVE Id CVE-2008-7247
Last Modified 14 Jan 2011 01:30:36
Published 30 Nov 2009 12:30:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity MEDIUM
Authentication SINGLE_INSTANCE

CVE-2008-7247

Summary

sql/sql_table.cc in MySQL 5.0.x through 5.0.88, 5.1.x through 5.1.41, and 6.0 before 6.0.9-alpha, when the data home directory contains a symlink to a different filesystem, allows remote authenticated users to bypass intended access restrictions by calling CREATE TABLE with a (1) DATA DIRECTORY or (2) INDEX DIRECTORY argument referring to a subdirectory that requires following this symlink.

Vulnerable Systems

Application

  • Mysql 5.0

  • Mysql 5.0.0

  • Mysql 5.0.0.0

  • Mysql 5.0.1

  • Mysql 5.0.10

  • Mysql 5.0.10a

  • Mysql 5.0.11

  • Mysql 5.0.12

  • Mysql 5.0.13

  • Mysql 5.0.14

  • Mysql 5.0.15

  • Mysql 5.0.15a

  • Mysql 5.0.16

  • Mysql 5.0.16a

  • Mysql 5.0.17

  • Mysql 5.0.17a

  • Mysql 5.0.18

  • Mysql 5.0.19

  • Mysql 5.0.1a

  • Mysql 5.0.2

  • Mysql 5.0.20

  • Mysql 5.0.20a

  • Mysql 5.0.21

  • Mysql 5.0.22

  • Mysql 5.0.22.1.0.1

  • Mysql 5.0.23

  • Mysql 5.0.24

  • Mysql 5.0.24a

  • Mysql 5.0.25

  • Mysql 5.0.26

  • Mysql 5.0.27

  • Mysql 5.0.3

  • Mysql 5.0.30

  • Mysql 5.0.32

  • Mysql 5.0.33

  • Mysql 5.0.36

  • Mysql 5.0.37

  • Mysql 5.0.38

  • Mysql 5.0.3a

  • Mysql 5.0.4

  • Mysql 5.0.41

  • Mysql 5.0.42

  • Mysql 5.0.44

  • Mysql 5.0.45

  • Mysql 5.0.4a

  • Mysql 5.0.5

  • Mysql 5.0.5.0.21

  • Mysql 5.0.50

  • Mysql 5.0.51

  • Mysql 5.0.51a

  • Mysql 5.0.51b

  • Mysql 5.0.52

  • Mysql 5.0.54

  • Mysql 5.0.56

  • Mysql 5.0.6

  • Mysql 5.0.60

  • Mysql 5.0.66

  • Mysql 5.0.7

  • Mysql 5.0.75

  • Mysql 5.0.77

  • Mysql 5.0.8

  • Mysql 5.0.81

  • Mysql 5.0.82

  • Mysql 5.0.83

  • Mysql 5.1

  • Mysql 5.1.1

  • Mysql 5.1.10

  • Mysql 5.1.11

  • Mysql 5.1.12

  • Mysql 5.1.13

  • Mysql 5.1.14

  • Mysql 5.1.15

  • Mysql 5.1.16

  • Mysql 5.1.17

  • Mysql 5.1.18

  • Mysql 5.1.19

  • Mysql 5.1.2

  • Mysql 5.1.20

  • Mysql 5.1.21

  • Mysql 5.1.22

  • Mysql 5.1.23

  • Mysql 5.1.23 Bk

  • Mysql 5.1.23a

  • Mysql 5.1.3

  • Mysql 5.1.30

  • Mysql 5.1.32-bzr

  • Mysql 5.1.4

  • Mysql 5.1.5

  • Mysql 5.1.5a

  • Mysql 5.1.6

  • Mysql 5.1.7

  • Mysql 5.1.8

  • Mysql 5.1.9

  • Mysql 6.0.0

  • Mysql 6.0.1

  • Mysql 6.0.2

  • Mysql 6.0.3

  • Mysql 6.0.4

  • Mysql 6.0.9


References

MISC - https://bugzilla.redhat.com/show_bug.cgi?id=543619

VUPEN - ADV-2010-1107

BID - 38043

MANDRIVA - MDVSA-2010:044

UBUNTU - USN-897-1

CONFIRM - http://support.apple.com/kb/HT4077

SECUNIA - 38517

MLIST - [oss-security] 20091124 Re: mysql-5.1.41

SUSE - SUSE-SR:2010:021

SUSE - SUSE-SR:2010:011

MLIST - [commits] 20081124 bzr commit into mysql-6.0-backup branch (ingo.struewing:2744) Bug#39277

APPLE - APPLE-SA-2010-03-29-1

CONFIRM - http://bugs.mysql.com/bug.php?id=39277

Related Patches

Novell SUSE 2010:6897 mysql security update for SLE 10 SP2 i586


Last Updated: 27 May 2016 10:49:31