maria-discuss team mailing list archive
Mailing list archive
Possible CVE from upstream
This seems to affect the released versions of MariaDB as well since
they are based on 5.1.47 upstream as far as I can tell.
MySQL before 5.1.48 allows remote authenticated users with alter
database privileges to cause a denial of service (server crash and
database loss) via an ALTER DATABASE command with a #mysql50# string
followed by a . (dot), .. (dot dot), ../ (dot dot slash) or similar
sequence, and an UPGRADE DATA DIRECTORY NAME command, which causes
MySQL to move certain directories to the server data directory.