Lucene search

[email protected]NVD:CVE-2008-7247

HistoryNov 30, 2009 - 5:30 p.m.

CVE-2008-7247

2009-11-3017:30:00

CWE-59

[email protected]

web.nvd.nist.gov

6 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:S/C:P/I:P/A:P

5.9 Medium

AI Score

Confidence

Low

0.006 Low

EPSS

Percentile

78.3%

JSON

sql/sql_table.cc in MySQL 5.0.x through 5.0.88, 5.1.x through 5.1.41, and 6.0 before 6.0.9-alpha, when the data home directory contains a symlink to a different filesystem, allows remote authenticated users to bypass intended access restrictions by calling CREATE TABLE with a (1) DATA DIRECTORY or (2) INDEX DIRECTORY argument referring to a subdirectory that requires following this symlink.

Affected configurations

NVD

Node

mysqlmysqlMatch5.0.0

mysqlmysqlMatch5.0.1

mysqlmysqlMatch5.0.2

mysqlmysqlMatch5.0.3

mysqlmysqlMatch5.0.4

mysqlmysqlMatch5.0.5

mysqlmysqlMatch5.0.5.0.21

mysqlmysqlMatch5.0.10

mysqlmysqlMatch5.0.15

mysqlmysqlMatch5.0.16

mysqlmysqlMatch5.0.17

mysqlmysqlMatch5.0.20

mysqlmysqlMatch5.0.22.1.0.1

mysqlmysqlMatch5.0.24

mysqlmysqlMatch5.0.30

mysqlmysqlMatch5.0.36

mysqlmysqlMatch5.0.44

mysqlmysqlMatch5.0.54

mysqlmysqlMatch5.0.56

mysqlmysqlMatch5.0.60

mysqlmysqlMatch5.0.66

mysqlmysqlMatch5.0.82

mysqlmysqlMatch5.1.5

mysqlmysqlMatch5.1.23

mysqlmysqlMatch5.1.32

mysqlmysqlMatch6.0.9

oraclemysqlMatch5.0.0alpha

oraclemysqlMatch5.0.3beta

oraclemysqlMatch5.0.6

oraclemysqlMatch5.0.7

oraclemysqlMatch5.0.8

oraclemysqlMatch5.0.11

oraclemysqlMatch5.0.12

oraclemysqlMatch5.0.13

oraclemysqlMatch5.0.14

oraclemysqlMatch5.0.18

oraclemysqlMatch5.0.19

oraclemysqlMatch5.0.21

oraclemysqlMatch5.0.22

oraclemysqlMatch5.0.23

oraclemysqlMatch5.0.25

oraclemysqlMatch5.0.26

oraclemysqlMatch5.0.27

oraclemysqlMatch5.0.30sp1

oraclemysqlMatch5.0.32

oraclemysqlMatch5.0.33

oraclemysqlMatch5.0.37

oraclemysqlMatch5.0.38

oraclemysqlMatch5.0.41

oraclemysqlMatch5.0.42

oraclemysqlMatch5.0.45

oraclemysqlMatch5.0.50

oraclemysqlMatch5.0.51

oraclemysqlMatch5.0.52

oraclemysqlMatch5.0.75

oraclemysqlMatch5.0.77

oraclemysqlMatch5.0.81

oraclemysqlMatch5.0.83

oraclemysqlMatch5.1

oraclemysqlMatch5.1.1

oraclemysqlMatch5.1.2

oraclemysqlMatch5.1.3

oraclemysqlMatch5.1.4

oraclemysqlMatch5.1.6

oraclemysqlMatch5.1.7

oraclemysqlMatch5.1.8

oraclemysqlMatch5.1.9

oraclemysqlMatch5.1.10

oraclemysqlMatch5.1.11

oraclemysqlMatch5.1.12

oraclemysqlMatch5.1.13

oraclemysqlMatch5.1.14

oraclemysqlMatch5.1.15

oraclemysqlMatch5.1.16

oraclemysqlMatch5.1.17

oraclemysqlMatch5.1.18

oraclemysqlMatch5.1.19

oraclemysqlMatch5.1.20

oraclemysqlMatch5.1.21

oraclemysqlMatch5.1.22

oraclemysqlMatch5.1.30

oraclemysqlMatch6.0.0

oraclemysqlMatch6.0.1

oraclemysqlMatch6.0.2

oraclemysqlMatch6.0.3

oraclemysqlMatch6.0.4

References

bugs.mysql.com/bug.php?id=39277

lists.apple.com/archives/security-announce/2010//Mar/msg00001.html

lists.mysql.com/commits/59711

lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html

lists.opensuse.org/opensuse-security-announce/2010-11/msg00005.html

marc.info/?l=oss-security&m=125908040022018&w=2

secunia.com/advisories/38517

support.apple.com/kb/HT4077

ubuntu.com/usn/usn-897-1

www.mandriva.com/security/advisories?name=MDVSA-2010:044

www.securityfocus.com/bid/38043

www.ubuntu.com/usn/USN-1397-1

www.vupen.com/english/advisories/2010/1107

bugzilla.redhat.com/show_bug.cgi?id=543619

6 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:S/C:P/I:P/A:P

5.9 Medium

AI Score

Confidence

Low

0.006 Low

EPSS

Percentile

78.3%

JSON

Related for NVD:CVE-2008-7247

openvas27 seebug2 nessus22 ubuntucve2 cvelist2 cve2 prion2 fedora7 nvd1 ubuntu2 gentoo1 threatpost1