thr3ads.net - Secure testing team - [Secure-testing-team] Bug#569484: CVE-2008-7247: bypass intended access restrictions [Feb 2010]

If this information is useful, please help other people find it:
Share via:

Giuseppe Iuculano

2010-Feb-11 21:08 UTC

[Secure-testing-team] Bug#569484: CVE-2008-7247: bypass intended access restrictions

Package: mysql-dfsg-5.1
Severity: important
Tags: security

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for mysql-dfsg-5.1.

CVE-2008-7247[0]:
| sql/sql_table.cc in MySQL 5.0.x through 5.0.88, 5.1.x through 5.1.41,
| and 6.0 before 6.0.9-alpha, when the data home directory contains a
| symlink to a different filesystem, allows remote authenticated users
| to bypass intended access restrictions by calling CREATE TABLE with a
| (1) DATA DIRECTORY or (2) INDEX DIRECTORY argument referring to a
| subdirectory that requires following this symlink.

If you fix the vulnerability please also make sure to include the
CVE id in your changelog entry.

For further information see:

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-7247
    http://security-tracker.debian.org/tracker/CVE-2008-7247


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iEYEARECAAYFAkt0cdwACgkQNxpp46476aq8XwCdHSgV0FhbNqyBIMen7882DNVx
dlgAnAwbRyasDyz9VatRyfprBQI5xjEY
=q8IF
-----END PGP SIGNATURE-----

Secure testing team - Feb 2010 - Bug#569484: CVE-2008-7247: bypass intended access restrictions

[Secure-testing-team] Bug#569484: CVE-2008-7247: bypass intended access restrictions