[debian-mysql] Bug#569484: CVE-2008-7247: bypass intended access restrictions

Giuseppe Iuculano iuculano at debian.org
Thu Feb 11 21:08:46 UTC 2010


Package: mysql-dfsg-5.1
Severity: important
Tags: security

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for mysql-dfsg-5.1.

CVE-2008-7247[0]:
| sql/sql_table.cc in MySQL 5.0.x through 5.0.88, 5.1.x through 5.1.41,
| and 6.0 before 6.0.9-alpha, when the data home directory contains a
| symlink to a different filesystem, allows remote authenticated users
| to bypass intended access restrictions by calling CREATE TABLE with a
| (1) DATA DIRECTORY or (2) INDEX DIRECTORY argument referring to a
| subdirectory that requires following this symlink.

If you fix the vulnerability please also make sure to include the
CVE id in your changelog entry.

For further information see:

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-7247
    http://security-tracker.debian.org/tracker/CVE-2008-7247


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iEYEARECAAYFAkt0cdwACgkQNxpp46476aq8XwCdHSgV0FhbNqyBIMen7882DNVx
dlgAnAwbRyasDyz9VatRyfprBQI5xjEY
=q8IF
-----END PGP SIGNATURE-----





More information about the pkg-mysql-maint mailing list