
maria-discuss team mailing list archive

Possible CVE from upstream

 

This seems to affect the released versions of MariaDB as well since they are based on 5.1.47 upstream as far as I can tell.

CVE-2010-2008 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2008):
  MySQL before 5.1.48 allows remote authenticated users with alter
  database privileges to cause a denial of service (server crash and
  database loss) via an ALTER DATABASE command with a #mysql50# string
  followed by a . (dot), .. (dot dot), ../ (dot dot slash) or similar
  sequence, and an UPGRADE DATA DIRECTORY NAME command, which causes
  MySQL to move certain directories to the server data directory.
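
As an added example (not part of the original post, nor MySQL or MariaDB code), the following check scans query-log lines for the statement pattern the CVE text describes. The log line layout, the function names, and the reading of "similar sequence" as any dots-only or separator-containing remainder are assumptions.

```python
import re

# ALTER {DATABASE|SCHEMA} `name` UPGRADE DATA DIRECTORY NAME, anywhere in a log line.
# The name must be backquoted, because an unquoted '#' would start a comment.
UPGRADE_RE = re.compile(
    r"ALTER\s+(?:DATABASE|SCHEMA)\s+`((?:[^`]|``)*)`\s+UPGRADE\s+DATA\s+DIRECTORY\s+NAME",
    re.IGNORECASE,
)
PREFIX = "#mysql50#"


def is_suspicious(name):
    """True when the part after #mysql50# is only dots or contains a path separator."""
    if not name.lower().startswith(PREFIX):
        return False
    rest = name[len(PREFIX):]
    dots_only = rest != "" and set(rest) <= {"."}
    return dots_only or "/" in rest or "\\" in rest


def scan(lines):
    """Return (line_number, database_name) for every flagged statement."""
    hits = []
    for number, line in enumerate(lines, start=1):
        match = UPGRADE_RE.search(line)
        if match is None:
            continue
        name = match.group(1).replace("``", "`")  # undo backquote doubling
        if is_suspicious(name):
            hits.append((number, name))
    return hits


# Constructed sample lines (assumed layout: connection id, command, statement).
SAMPLE_LOG = [
    "42 Query\tALTER DATABASE `#mysql50#a-b-c` UPGRADE DATA DIRECTORY NAME",
    "43 Query\tALTER DATABASE `#mysql50#.` UPGRADE DATA DIRECTORY NAME",
    "43 Query\talter database `#mysql50#..` upgrade data directory name",
    "44 Query\tALTER SCHEMA `#mysql50#../` UPGRADE DATA DIRECTORY NAME",
    "45 Query\tALTER DATABASE `shop` CHARACTER SET utf8",
]

if __name__ == "__main__":
    for number, name in scan(SAMPLE_LOG):
        print(f"line {number}: suspicious UPGRADE DATA DIRECTORY NAME on {name!r}")
```

A hit on a server older than 5.1.48 is worth correlating with the account that issued it, since the CVE requires alter database privileges.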