Description
MySQL before 5.1.48 allows remote authenticated users with alter database privileges to cause a denial of service (server crash and database loss) via an ALTER DATABASE command with a #mysql50# string followed by a . (dot), .. (dot dot), ../ (dot dot slash) or similar sequence, and an UPGRADE DATA DIRECTORY NAME command, which causes MySQL to move certain directories to the server data directory.
Exploits (1)
exploitdb
WRITEUP
VERIFIED
by Shane Bester · text · dos · multiple
https://www.exploit-db.com/exploits/14537
References (12)
Core References
Third Party Advisory vendor-advisory
x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-1397-1
Third Party Advisory vdb-entry
signature
x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11869
Exploit, Issue Tracking, Vendor Advisory x_refsource_confirm
http://bugs.mysql.com/bug.php?id=53804
Permissions Required vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2010/1918
Exploit, Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/41198
Exploit, Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id?1024160
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/40333
Third Party Advisory vendor-advisory
x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-1017-1
Broken Link x_refsource_confirm
http://dev.mysql.com/doc/refman/5.1/en/news-5-1-48.html
Broken Link vendor-advisory
x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDVSA-2010:155
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/40762
Third Party Advisory vendor-advisory
x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044546.html
Scores
EPSS: 0.0361
EPSS Percentile: 87.8%
Details
CWE: CWE-77
Status: published
Products (9)
canonical/ubuntu_linux 6.06
canonical/ubuntu_linux 8.04
canonical/ubuntu_linux 9.10
canonical/ubuntu_linux 10.04
canonical/ubuntu_linux 10.10
canonical/ubuntu_linux 11.04
canonical/ubuntu_linux 11.10
fedoraproject/fedora 13
oracle/mysql < 5.1.48
Published: Jul 13, 2010
Tracked Since: Feb 18, 2026