maria-discuss team mailing list archive

Thread
Date

maria-discuss team
Mailing list archive
Message #00185

Possible CVE from upstream

To: maria-discuss@xxxxxxxxxxxxxxxxxxx
From: Brian Evans <grknight@xxxxxxxxxxxxxx>
Date: Thu, 29 Jul 2010 09:56:04 -0400
User-agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.7) Gecko/20100713 Thunderbird/3.1.1

This seems to affect the released versions of MariaDB as well sincethey are based on 5.1.47 upstream as far as I can tell.


CVE-2010-2008 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2008):
  MySQL before 5.1.48 allows remote authenticated users with alter
  database privileges to cause a denial of service (server crash and
  database loss) via an ALTER DATABASE command with a #mysql50# string
  followed by a . (dot), .. (dot dot), ../ (dot dot slash) or similar
  sequence, and an UPGRADE DATA DIRECTORY NAME command, which causes
  MySQL to move certain directories to the server data directory.