Oracle MySQL versions prior to 5.1.48 suffer from a remote ALTER DATABASE denial of service vulnerability.
54e32970fd5f46c2d983206f4f21f06e18f546ef382011145c91559a74fe5923A vulnerability was reported in MySQL. A remote authenticated user can cause denial of service conditions.
This issue affects versions prior to MySQL 5.1.48.
A remote authenticated user can send a specially crafted ALTER DATABASE command to cause the target server to move a data directory into a new subdirectory, causing the data directory to become unusable.
A demonstration exploit request is provided [where "<special>" is "." or ".." or is a sequence that begins with "./" or "../"]:
ALTER DATABASE `#mysql50#<special>` UPGRADE DATA DIRECTORY NAME
Vendor advisory at:
http://dev.mysql.com/doc/refman/5.1/en/news-5-1-48.html
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed