CVE-2010-2008

Exploit

EPSS 3.61%
Published 13.07.2010 20:30:01
Last modified 11.04.2025 00:51:21
Source cve@mitre.org
Teams watchlist Login
Open Login

MySQL before 5.1.48 allows remote authenticated users with alter database privileges to cause a denial of service (server crash and database loss) via an ALTER DATABASE command with a #mysql50# string followed by a . (dot), .. (dot dot), ../ (dot dot slash) or similar sequence, and an UPGRADE DATA DIRECTORY NAME command, which causes MySQL to move certain directories to the server data directory.

Affected products Warnungen 0 Metrics 2 CWE 1 References 15

Data is provided by the National Vulnerability Database (NVD)

Oracle ≫ Mysql Version < 5.1.48

Canonical ≫ Ubuntu Linux Version6.06

Canonical ≫ Ubuntu Linux Version8.04 SwEdition-

Canonical ≫ Ubuntu Linux Version9.10

Canonical ≫ Ubuntu Linux Version10.04 SwEdition-

Canonical ≫ Ubuntu Linux Version10.10

Canonical ≫ Ubuntu Linux Version11.04

Canonical ≫ Ubuntu Linux Version11.10

Fedoraproject ≫ Fedora Version13

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	3.61%	0.873

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	3.5	6.8	2.9	AV:N/AC:M/Au:S/C:N/I:N/A:P

CWE-77 Improper Neutralization of Special Elements used in a Command ('Command Injection')

The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.

http://www.ubuntu.com/usn/USN-1397-1

Third Party Advisory

http://bugs.mysql.com/bug.php?id=53804

Vendor Advisory

Exploit

Issue Tracking

http://dev.mysql.com/doc/refman/5.1/en/news-5-1-48.html

Broken Link

http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044546.html

Third Party Advisory

http://secunia.com/advisories/40333

Third Party Advisory