header-logo
Suggest Exploit
vendor:
MySQL
by:
N/A
7,5
CVSS
HIGH
Denial of Service
20
CWE
Product Name: MySQL
Affected Version From: Prior to MySQL 5.1.48
Affected Version To: Prior to MySQL 5.1.48
Patch Exists: YES
Related CWE: N/A
CPE: mysql:mysql
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2009

MySQL Denial of Service Vulnerability

A remote authenticated user can send a specially crafted ALTER DATABASE command to cause the target server to move a data directory into a new subdirectory, causing the data directory to become unusable.

Mitigation:

Upgrade to MySQL 5.1.48 or later.
Source

Exploit-DB raw data:

A vulnerability was reported in MySQL. A remote authenticated user can cause denial of service conditions.

This issue affects versions prior to MySQL 5.1.48. 

A remote authenticated user can send a specially crafted ALTER DATABASE command to cause the target server to move a data directory into a new subdirectory, causing the data directory to become unusable.

A demonstration exploit request is provided [where "<special>" is "." or ".." or is a sequence that begins with "./" or "../"]:

ALTER DATABASE `#mysql50#<special>` UPGRADE DATA DIRECTORY NAME

Vendor advisory at:

http://dev.mysql.com/doc/refman/5.1/en/news-5-1-48.html

Navigation

Suggest Exploit

Services By CQR