fkie_cve-2008-7247
Vulnerability from fkie_nvd
Published
2009-11-30 17:30
Modified
2025-04-09 00:30
Severity ?
Summary
sql/sql_table.cc in MySQL 5.0.x through 5.0.88, 5.1.x through 5.1.41, and 6.0 before 6.0.9-alpha, when the data home directory contains a symlink to a different filesystem, allows remote authenticated users to bypass intended access restrictions by calling CREATE TABLE with a (1) DATA DIRECTORY or (2) INDEX DIRECTORY argument referring to a subdirectory that requires following this symlink.
References
cve@mitre.orghttp://bugs.mysql.com/bug.php?id=39277Exploit
cve@mitre.orghttp://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html
cve@mitre.orghttp://lists.mysql.com/commits/59711Exploit
cve@mitre.orghttp://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html
cve@mitre.orghttp://lists.opensuse.org/opensuse-security-announce/2010-11/msg00005.html
cve@mitre.orghttp://marc.info/?l=oss-security&m=125908040022018&w=2
cve@mitre.orghttp://secunia.com/advisories/38517
cve@mitre.orghttp://support.apple.com/kb/HT4077
cve@mitre.orghttp://ubuntu.com/usn/usn-897-1
cve@mitre.orghttp://www.mandriva.com/security/advisories?name=MDVSA-2010:044
cve@mitre.orghttp://www.securityfocus.com/bid/38043
cve@mitre.orghttp://www.ubuntu.com/usn/USN-1397-1
cve@mitre.orghttp://www.vupen.com/english/advisories/2010/1107
cve@mitre.orghttps://bugzilla.redhat.com/show_bug.cgi?id=543619
af854a3a-2127-422b-91ae-364da2661108http://bugs.mysql.com/bug.php?id=39277Exploit
af854a3a-2127-422b-91ae-364da2661108http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html
af854a3a-2127-422b-91ae-364da2661108http://lists.mysql.com/commits/59711Exploit
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00005.html
af854a3a-2127-422b-91ae-364da2661108http://marc.info/?l=oss-security&m=125908040022018&w=2
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/38517
af854a3a-2127-422b-91ae-364da2661108http://support.apple.com/kb/HT4077
af854a3a-2127-422b-91ae-364da2661108http://ubuntu.com/usn/usn-897-1
af854a3a-2127-422b-91ae-364da2661108http://www.mandriva.com/security/advisories?name=MDVSA-2010:044
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/38043
af854a3a-2127-422b-91ae-364da2661108http://www.ubuntu.com/usn/USN-1397-1
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2010/1107
af854a3a-2127-422b-91ae-364da2661108https://bugzilla.redhat.com/show_bug.cgi?id=543619
Impacted products
Vendor Product Version
mysql mysql 5.0.0
mysql mysql 5.0.1
mysql mysql 5.0.2
mysql mysql 5.0.3
mysql mysql 5.0.4
mysql mysql 5.0.5
mysql mysql 5.0.5.0.21
mysql mysql 5.0.10
mysql mysql 5.0.15
mysql mysql 5.0.16
mysql mysql 5.0.17
mysql mysql 5.0.20
mysql mysql 5.0.22.1.0.1
mysql mysql 5.0.24
mysql mysql 5.0.30
mysql mysql 5.0.36
mysql mysql 5.0.44
mysql mysql 5.0.54
mysql mysql 5.0.56
mysql mysql 5.0.60
mysql mysql 5.0.66
mysql mysql 5.0.82
mysql mysql 5.1.5
mysql mysql 5.1.23
mysql mysql 5.1.32
mysql mysql 6.0.9
oracle mysql 5.0.0
oracle mysql 5.0.3
oracle mysql 5.0.6
oracle mysql 5.0.7
oracle mysql 5.0.8
oracle mysql 5.0.11
oracle mysql 5.0.12
oracle mysql 5.0.13
oracle mysql 5.0.14
oracle mysql 5.0.18
oracle mysql 5.0.19
oracle mysql 5.0.21
oracle mysql 5.0.22
oracle mysql 5.0.23
oracle mysql 5.0.25
oracle mysql 5.0.26
oracle mysql 5.0.27
oracle mysql 5.0.30
oracle mysql 5.0.32
oracle mysql 5.0.33
oracle mysql 5.0.37
oracle mysql 5.0.38
oracle mysql 5.0.41
oracle mysql 5.0.42
oracle mysql 5.0.45
oracle mysql 5.0.50
oracle mysql 5.0.51
oracle mysql 5.0.52
oracle mysql 5.0.75
oracle mysql 5.0.77
oracle mysql 5.0.81
oracle mysql 5.0.83
oracle mysql 5.1
oracle mysql 5.1.1
oracle mysql 5.1.2
oracle mysql 5.1.3
oracle mysql 5.1.4
oracle mysql 5.1.6
oracle mysql 5.1.7
oracle mysql 5.1.8
oracle mysql 5.1.9
oracle mysql 5.1.10
oracle mysql 5.1.11
oracle mysql 5.1.12
oracle mysql 5.1.13
oracle mysql 5.1.14
oracle mysql 5.1.15
oracle mysql 5.1.16
oracle mysql 5.1.17
oracle mysql 5.1.18
oracle mysql 5.1.19
oracle mysql 5.1.20
oracle mysql 5.1.21
oracle mysql 5.1.22
oracle mysql 5.1.30
oracle mysql 6.0.0
oracle mysql 6.0.1
oracle mysql 6.0.2
oracle mysql 6.0.3
oracle mysql 6.0.4


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mysql:mysql:5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DC198CDB-CAC0-41DD-9FCD-42536E7FE11A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mysql:mysql:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B77A2761-2B44-4061-9C29-A54F90A1AD83",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mysql:mysql:5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "5B3AD851-056F-4E57-B85B-4AC5A5A20C0C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mysql:mysql:5.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "FD24EA8C-4FCA-4F40-B2EA-7DFA49432483",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mysql:mysql:5.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "754B78F2-A03C-40BE-812B-F5E57B93D20B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mysql:mysql:5.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "575039BD-A8B6-4459-B5F0-F220A94650EA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mysql:mysql:5.0.5.0.21:*:*:*:*:*:*:*",
              "matchCriteriaId": "BDA03768-74D2-4C5D-ABCF-8A91F9E6C273",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mysql:mysql:5.0.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "542B23CB-7535-4EF7-B926-466A5161A0D4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mysql:mysql:5.0.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "45E686C3-4100-465C-9F45-068580B496E5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mysql:mysql:5.0.16:*:*:*:*:*:*:*",
              "matchCriteriaId": "6E9F09D8-6FAE-4A5B-AE04-248CD52C5FF4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mysql:mysql:5.0.17:*:*:*:*:*:*:*",
              "matchCriteriaId": "DB618DB2-6B00-4E99-8232-937D2C51986B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mysql:mysql:5.0.20:*:*:*:*:*:*:*",
              "matchCriteriaId": "665E063D-355D-4A5A-A05F-36BF582DE36F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mysql:mysql:5.0.22.1.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "214E3CF9-6362-4F5A-91B7-5E69564F7144",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mysql:mysql:5.0.24:*:*:*:*:*:*:*",
              "matchCriteriaId": "F4C6CD84-EA5D-451F-AFC3-5F7094F0017D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mysql:mysql:5.0.30:*:*:*:*:*:*:*",
              "matchCriteriaId": "BEF9271A-A816-44F6-A811-ECC1FB0993C5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mysql:mysql:5.0.36:*:*:*:*:*:*:*",
              "matchCriteriaId": "F482D3D3-205C-495E-AF3A-E9C3018111F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mysql:mysql:5.0.44:*:*:*:*:*:*:*",
              "matchCriteriaId": "53853D65-F2C6-410F-9CF8-DED19B66BD4E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mysql:mysql:5.0.54:*:*:*:*:*:*:*",
              "matchCriteriaId": "D927706B-565F-4152-8F86-AC85F1AA469F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mysql:mysql:5.0.56:*:*:*:*:*:*:*",
              "matchCriteriaId": "8C0291F7-27D9-4634-9DD3-21827C1CC5ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mysql:mysql:5.0.60:*:*:*:*:*:*:*",
              "matchCriteriaId": "35D54A38-E7A0-4B89-BBA5-D98D4D7FF3DA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mysql:mysql:5.0.66:*:*:*:*:*:*:*",
              "matchCriteriaId": "1A7AFEB8-711B-4DED-A24E-38012F415FC2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mysql:mysql:5.0.82:*:*:*:*:*:*:*",
              "matchCriteriaId": "9369CF20-D05C-41A2-8F9E-DE259FCF9E1C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mysql:mysql:5.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "35BED939-3366-4CBF-B6BF-29C0C42E97F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mysql:mysql:5.1.23:*:*:*:*:*:*:*",
              "matchCriteriaId": "7D0F7A49-62A2-4201-B6F3-8DB9902A4480",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mysql:mysql:5.1.32:*:*:*:*:*:*:*",
              "matchCriteriaId": "B2BFBC7B-5C23-4CDB-AE4F-721378C36B07",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mysql:mysql:6.0.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "4E9E9D88-6640-45E8-83AA-7B9C0936D905",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql:5.0.0:alpha:*:*:*:*:*:*",
              "matchCriteriaId": "19001041-22C4-4D2C-A918-378DACBB1DF4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql:5.0.3:beta:*:*:*:*:*:*",
              "matchCriteriaId": "6F610D56-6BB6-48FB-B43A-670CE9168500",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql:5.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "1668BB5B-E7FB-4430-B8D5-89E308F5DD39",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql:5.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "E3F44DA1-1509-4AC7-AB6B-2B2A834A16AC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql:5.0.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "7A2D6DF6-FE5D-428F-BCEB-E7832C2B4FE4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql:5.0.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "A56ACB60-EC2C-45AF-B923-B3A90A2F7AE1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql:5.0.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "67C52D66-3BCA-4854-BF09-CB6DF1AC0E48",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql:5.0.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "BF54CC8D-B736-461D-B693-686E862EF969",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql:5.0.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "5E5EADE4-9E1B-4A1C-B3B5-ACF1287A19E7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql:5.0.18:*:*:*:*:*:*:*",
              "matchCriteriaId": "053ACE9B-A146-42C0-ADB2-47F6119965D8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql:5.0.19:*:*:*:*:*:*:*",
              "matchCriteriaId": "30B4F891-2A03-45A8-A49C-7F8B8F7D8407",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql:5.0.21:*:*:*:*:*:*:*",
              "matchCriteriaId": "69E62AC4-954E-476C-98BE-C138E328AE7B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql:5.0.22:*:*:*:*:*:*:*",
              "matchCriteriaId": "6B88385C-F5FB-401F-80D5-5BF11CE3C19D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql:5.0.23:*:*:*:*:*:*:*",
              "matchCriteriaId": "AA586E2B-A349-47C8-A17C-DA9016C6C3B5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql:5.0.25:*:*:*:*:*:*:*",
              "matchCriteriaId": "C30CA14C-AE28-4D9A-B53D-B7C28D3BA56B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql:5.0.26:*:*:*:*:*:*:*",
              "matchCriteriaId": "811780EA-8805-41A6-A920-A201CCC80790",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql:5.0.27:*:*:*:*:*:*:*",
              "matchCriteriaId": "11873AEA-5D6C-4AC0-915A-8A2869B2EFF5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql:5.0.30:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "A7753CE5-61C4-4FBC-BB60-F7D4493E76E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql:5.0.32:*:*:*:*:*:*:*",
              "matchCriteriaId": "7EDC2EB4-2C8D-4EF7-83A6-CBE6FF759DD0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql:5.0.33:*:*:*:*:*:*:*",
              "matchCriteriaId": "5965032E-5BC0-4E69-B097-F9EE2B24C861",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql:5.0.37:*:*:*:*:*:*:*",
              "matchCriteriaId": "35F21A5A-F9C0-4860-80AD-1D3937483F28",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql:5.0.38:*:*:*:*:*:*:*",
              "matchCriteriaId": "B54F660F-AE43-4F3B-8935-5712CAE860A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql:5.0.41:*:*:*:*:*:*:*",
              "matchCriteriaId": "4413BB52-6FBD-4C12-8864-ADDC65E45B25",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql:5.0.42:*:*:*:*:*:*:*",
              "matchCriteriaId": "8B49F9BA-560B-40AE-9457-436830CDD371",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql:5.0.45:*:*:*:*:*:*:*",
              "matchCriteriaId": "F53A8437-C61A-4203-B341-B5596569E50B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql:5.0.50:*:*:*:*:*:*:*",
              "matchCriteriaId": "A1435669-9BDA-40D4-BB30-C8AE1C3E7649",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql:5.0.51:*:*:*:*:*:*:*",
              "matchCriteriaId": "A8EBAE3C-F24D-4935-96BF-9541EC03B8F5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql:5.0.52:*:*:*:*:*:*:*",
              "matchCriteriaId": "EA95EE27-389A-4068-AAC1-AD64DD6BB006",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql:5.0.75:*:*:*:*:*:*:*",
              "matchCriteriaId": "2FA3E354-4366-46B5-ACD2-E72D0C8320A0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql:5.0.77:*:*:*:*:*:*:*",
              "matchCriteriaId": "0C002047-0FB1-4DC6-9108-B4B5AAFAC16A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql:5.0.81:*:*:*:*:*:*:*",
              "matchCriteriaId": "584C0690-2826-4389-95AD-42048AEE1916",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql:5.0.83:*:*:*:*:*:*:*",
              "matchCriteriaId": "0CB85180-0F28-4281-BB59-E3F29BE25C9C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql:5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F58612F4-1CAC-4BFC-A9B2-3D4025F428FF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql:5.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "73F49A1D-BCA3-4772-8AB3-621CCC997B3A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql:5.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "F719DD8E-8379-43C3-97F9-DE350E457F7F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql:5.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "342BB65B-1358-441C-B59A-1756BCC6414A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql:5.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "8589B1E7-0D6D-44B4-A36E-8225C5D15828",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql:5.1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "88FEEE64-899F-4F55-B829-641706E29E32",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql:5.1.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "D8597F56-BB14-480C-91CD-CAB96A9DDD8D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql:5.1.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "7F4C5C88-95A7-4DDA-BC2F-CAFA47B0D67A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql:5.1.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "5EB2323C-EFE2-407A-9AE9-8717FA9F8625",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql:5.1.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "6341F695-6034-4CC1-9485-ACD3A0E1A079",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql:5.1.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "D1DF5F19-ECD9-457F-89C6-6F0271CF4766",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql:5.1.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "446DB5E9-EF4C-4A53-911E-91A802AECA5D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql:5.1.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "5829BE6A-BC58-482B-9DA1-04FDD413A7A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql:5.1.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "C85D20DF-702B-4F0B-922D-782474A4B663",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql:5.1.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "73A09785-3CA4-4797-A836-A958DCDC322F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql:5.1.16:*:*:*:*:*:*:*",
              "matchCriteriaId": "C4DE3D79-0966-4E14-9288-7C269A2CEEC3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql:5.1.17:*:*:*:*:*:*:*",
              "matchCriteriaId": "564F6A24-BEB3-4420-A633-8AD54C292436",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql:5.1.18:*:*:*:*:*:*:*",
              "matchCriteriaId": "047FBCCD-DE7C-41FA-80A3-AD695C643C7A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql:5.1.19:*:*:*:*:*:*:*",
              "matchCriteriaId": "687CC501-4CB2-4295-86F6-A5E45DEC2D0D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql:5.1.20:*:*:*:*:*:*:*",
              "matchCriteriaId": "822A718D-AD9D-4AB9-802F-5F5C6309D809",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql:5.1.21:*:*:*:*:*:*:*",
              "matchCriteriaId": "CA2D4002-FD96-462D-BA55-4624170CAA4C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql:5.1.22:*:*:*:*:*:*:*",
              "matchCriteriaId": "0A40FE1C-6EB0-4C75-867E-B1F8408E5A0A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql:5.1.30:*:*:*:*:*:*:*",
              "matchCriteriaId": "31B9607A-1E58-4471-BEDE-03484A1E9739",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql:6.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F48E7355-2D9A-454D-AE66-B0AE015E31A6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql:6.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E51BF67A-BAEC-48F8-9290-67C6C5B8442E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "1F5C6A2F-DEAE-470D-8888-0E9076CCA0B6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql:6.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "1C09231E-8759-4DFB-AA8D-17A1C6D43AC1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql:6.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "81592813-78D9-4366-AD2E-94677D93F599",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "sql/sql_table.cc in MySQL 5.0.x through 5.0.88, 5.1.x through 5.1.41, and 6.0 before 6.0.9-alpha, when the data home directory contains a symlink to a different filesystem, allows remote authenticated users to bypass intended access restrictions by calling CREATE TABLE with a (1) DATA DIRECTORY or (2) INDEX DIRECTORY argument referring to a subdirectory that requires following this symlink."
    },
    {
      "lang": "es",
      "value": "sql/sql_table.cc en MySQL v5.0.x hasta la v5.0.88, v5.1.x hasta la v5.1.41, y v6.0 anteriores a v6.0.9-alpha, cuando el directorio de datos \"home\" contiene un enlace simb\u00f3lico a un sistema de ficheros diferente, permite a usuarios autenticados remotamente saltar las restricciones de acceso implementadas al invocar CREATE TABLE con un argumento (1) DATA DIRECTORY o (2) INDEX DIRECTORY referido a un subdirectorio que requiera el seguimiento de este enlace simb\u00f3lico."
    }
  ],
  "id": "CVE-2008-7247",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2009-11-30T17:30:00.217",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://bugs.mysql.com/bug.php?id=39277"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://lists.mysql.com/commits/59711"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00005.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://marc.info/?l=oss-security\u0026m=125908040022018\u0026w=2"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/38517"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://support.apple.com/kb/HT4077"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://ubuntu.com/usn/usn-897-1"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:044"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/38043"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.ubuntu.com/usn/USN-1397-1"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2010/1107"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=543619"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://bugs.mysql.com/bug.php?id=39277"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://lists.mysql.com/commits/59711"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00005.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://marc.info/?l=oss-security\u0026m=125908040022018\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/38517"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://support.apple.com/kb/HT4077"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://ubuntu.com/usn/usn-897-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:044"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/38043"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.ubuntu.com/usn/USN-1397-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2010/1107"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=543619"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vendorComments": [
    {
      "comment": "Not vulnerable. This issue did not affect the versions of mysql as shipped with Red Hat Enterprise Linux 3, 4, or 5.",
      "lastModified": "2009-12-21T00:00:00",
      "organization": "Red Hat"
    }
  ],
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-59"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.