[debian-mysql] Bug#569484: CVE-2008-7247: bypass intended access restrictions
Giuseppe Iuculano
iuculano at debian.org
Thu Feb 11 21:08:46 UTC 2010
Package: mysql-dfsg-5.1
Severity: important
Tags: security
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for mysql-dfsg-5.1.
CVE-2008-7247[0]:
| sql/sql_table.cc in MySQL 5.0.x through 5.0.88, 5.1.x through 5.1.41,
| and 6.0 before 6.0.9-alpha, when the data home directory contains a
| symlink to a different filesystem, allows remote authenticated users
| to bypass intended access restrictions by calling CREATE TABLE with a
| (1) DATA DIRECTORY or (2) INDEX DIRECTORY argument referring to a
| subdirectory that requires following this symlink.
If you fix the vulnerability please also make sure to include the
CVE id in your changelog entry.
For further information see:
[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-7247
http://security-tracker.debian.org/tracker/CVE-2008-7247
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
iEYEARECAAYFAkt0cdwACgkQNxpp46476aq8XwCdHSgV0FhbNqyBIMen7882DNVx
dlgAnAwbRyasDyz9VatRyfprBQI5xjEY
=q8IF
-----END PGP SIGNATURE-----
More information about the pkg-mysql-maint
mailing list