Veracode Vulnerability DatabaseVERACODE:24048Symlink Attack
3.6 Low
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:L/Au:N/C:N/I:P/A:P
MySQL is vulnerable to symlink attack. A flaw was discovered in the way MySQL handled symbolic links to tables created using the DATA DIRECTORY and INDEX DIRECTORY directives in CREATE TABLE statements. An attacker with CREATE and DROP table privileges, and shell access to the database server, could use this flaw to remove data and index files of tables created by other database users using the MyISAM storage engine.
| CPE | Name | Operator | Version |
|---|---|---|---|
| mysql | eq | 5.0.22__2.2.el5_1.1 | |
| mysql | eq | 5.0.45__7.el5 | |
| mysql | eq | 5.0.77__3.el5 | |
| mysql | eq | 5.0.22__2.2.el5_1.1 | |
| mysql | eq | 5.0.45__7.el5 | |
| mysql | eq | 5.0.77__3.el5 |
References
bugs.mysql.com/bug.php?id=40980
lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html
lists.opensuse.org/opensuse-security-announce/2010-11/msg00005.html
securitytracker.com/id?1024004
www.mandriva.com/security/advisories?name=MDVSA-2010:101
www.openwall.com/lists/oss-security/2010/05/10/2
www.openwall.com/lists/oss-security/2010/05/18/4
www.redhat.com/security/updates/classification/#important
www.redhat.com/support/errata/RHSA-2010-0442.html
www.securityfocus.com/bid/40257
www.ubuntu.com/usn/USN-1397-1
www.vupen.com/english/advisories/2010/1194
access.redhat.com/errata/RHSA-2010:0442
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9490
Related
3.6 Low
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:L/Au:N/C:N/I:P/A:P