Your submission was sent successfully! Close

CVE-2010-1848

Published: 21 May 2010

Directory traversal vulnerability in MySQL 5.0 through 5.0.91 and 5.1 before 5.1.47 allows remote authenticated users to bypass intended table grants to read field definitions of arbitrary tables, and on 5.1 to read or delete content of arbitrary tables, via a .. (dot dot) in a table name.

Priority

Medium

Status

Package Release Status
mysql-5.1
Launchpad, Ubuntu, Debian
dapper Does not exist

hardy Does not exist

jaunty Does not exist

karmic Does not exist

lucid Does not exist

maverick Not vulnerable
(5.1.47-1ubuntu1)
natty Not vulnerable
(5.1.47-1ubuntu1)
upstream Needs triage

mysql-dfsg-5.0
Launchpad, Ubuntu, Debian
dapper
Released (5.0.22-0ubuntu6.06.14)
hardy
Released (5.0.51a-3ubuntu5.7)
jaunty
Released (5.1.30really5.0.75-0ubuntu10.5)
karmic Ignored
(reached end-of-life)
lucid Does not exist

maverick Does not exist

natty Does not exist

upstream
Released (5.0.91)
Patches:
upstream: http://bazaar.launchpad.net/~mysql/mysql-server/mysql-5.0-bugteam/revision/2861

mysql-dfsg-5.1
Launchpad, Ubuntu, Debian
dapper Does not exist

hardy Does not exist

jaunty Ignored
(reached end-of-life)
karmic
Released (5.1.37-1ubuntu5.4)
lucid
Released (5.1.41-3ubuntu12.3)
maverick Does not exist

natty Does not exist

upstream
Released (5.1.47)
Patches:

upstream: http://bazaar.launchpad.net/~mysql/mysql-server/mysql-5.1-bugteam/revision/3367