VRDA Feed : Provides information for vulnerability impact analysis

VRDA Feed by

Vulnerability Response Decision Assistance Feed : Information for vulnerability impact analysis

[ about VRDA Feed | JPCERT/CC ]

Vulnerability Analysis Result (Revision No : 1)

[ Download XML ]

CVE-2010-1848

mysql: Directory traversal vulnerability in MySQL 5.0 thro...

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-1848

Original

Directory traversal vulnerability in MySQL 5.0 through 5.0.91 and 5.1 before 5.1.47 allows remote authenticated users to bypass intended table grants to read field definitions of arbitrary tables, and on 5.1 to read or delete content of arbitrary tables, via a .. (dot dot) in a table name.

Translation (Show)

About This Analysis Information

Analysis Information Provider:

NIST NVD

First Published:

2010-06-08

Source Information Category:

Advisory, Alert

Last Updated:

2010-06-08

Affected Product Tags

cpe:/a:mysql:mysql:5.0

cpe:/a:mysql:mysql:5.0.0

cpe:/a:mysql:mysql:5.0.0.0

cpe:/a:mysql:mysql:5.0.0:alpha

cpe:/a:mysql:mysql:5.0.1

cpe:/a:mysql:mysql:5.0.10

cpe:/a:mysql:mysql:5.0.10a

cpe:/a:mysql:mysql:5.0.11

cpe:/a:mysql:mysql:5.0.12

cpe:/a:mysql:mysql:5.0.13

cpe:/a:mysql:mysql:5.0.14

cpe:/a:mysql:mysql:5.0.15

cpe:/a:mysql:mysql:5.0.15a

cpe:/a:mysql:mysql:5.0.16

cpe:/a:mysql:mysql:5.0.16a

cpe:/a:mysql:mysql:5.0.17

cpe:/a:mysql:mysql:5.0.17a

cpe:/a:mysql:mysql:5.0.18

cpe:/a:mysql:mysql:5.0.19

cpe:/a:mysql:mysql:5.0.1a

cpe:/a:mysql:mysql:5.0.2

cpe:/a:mysql:mysql:5.0.20

cpe:/a:mysql:mysql:5.0.20a

cpe:/a:mysql:mysql:5.0.21

cpe:/a:mysql:mysql:5.0.22

cpe:/a:mysql:mysql:5.0.23

cpe:/a:mysql:mysql:5.0.24

cpe:/a:mysql:mysql:5.0.24a

cpe:/a:mysql:mysql:5.0.27

cpe:/a:mysql:mysql:5.0.3

cpe:/a:mysql:mysql:5.0.33

cpe:/a:mysql:mysql:5.0.37

cpe:/a:mysql:mysql:5.0.3:beta

cpe:/a:mysql:mysql:5.0.3a

cpe:/a:mysql:mysql:5.0.4

cpe:/a:mysql:mysql:5.0.41

cpe:/a:mysql:mysql:5.0.45

cpe:/a:mysql:mysql:5.0.45b

cpe:/a:mysql:mysql:5.0.4a

cpe:/a:mysql:mysql:5.0.5

cpe:/a:mysql:mysql:5.0.5.0.21

cpe:/a:mysql:mysql:5.0.51a

cpe:/a:mysql:mysql:5.0.51b

cpe:/a:mysql:mysql:5.0.6

cpe:/a:mysql:mysql:5.0.67

cpe:/a:mysql:mysql:5.0.7

cpe:/a:mysql:mysql:5.0.75

cpe:/a:mysql:mysql:5.0.77

cpe:/a:mysql:mysql:5.0.8

cpe:/a:mysql:mysql:5.0.81

cpe:/a:mysql:mysql:5.0.82

cpe:/a:mysql:mysql:5.0.83

cpe:/a:mysql:mysql:5.0.84

cpe:/a:mysql:mysql:5.0.85

cpe:/a:mysql:mysql:5.0.86

cpe:/a:mysql:mysql:5.0.87

cpe:/a:mysql:mysql:5.0.88

cpe:/a:mysql:mysql:5.0.89

cpe:/a:mysql:mysql:5.0.9

cpe:/a:mysql:mysql:5.0.90

cpe:/a:mysql:mysql:5.0.91

cpe:/a:mysql:mysql:5.1

cpe:/a:mysql:mysql:5.1.1

cpe:/a:mysql:mysql:5.1.10

cpe:/a:mysql:mysql:5.1.11

cpe:/a:mysql:mysql:5.1.12

cpe:/a:mysql:mysql:5.1.13

cpe:/a:mysql:mysql:5.1.14

cpe:/a:mysql:mysql:5.1.15

cpe:/a:mysql:mysql:5.1.16

cpe:/a:mysql:mysql:5.1.17

cpe:/a:mysql:mysql:5.1.2

cpe:/a:mysql:mysql:5.1.23

cpe:/a:mysql:mysql:5.1.23a

cpe:/a:mysql:mysql:5.1.3

cpe:/a:mysql:mysql:5.1.30

cpe:/a:mysql:mysql:5.1.31

cpe:/a:mysql:mysql:5.1.32

cpe:/a:mysql:mysql:5.1.33

cpe:/a:mysql:mysql:5.1.34

cpe:/a:mysql:mysql:5.1.35

cpe:/a:mysql:mysql:5.1.36

cpe:/a:mysql:mysql:5.1.37

cpe:/a:mysql:mysql:5.1.38

cpe:/a:mysql:mysql:5.1.39

cpe:/a:mysql:mysql:5.1.4

cpe:/a:mysql:mysql:5.1.40

cpe:/a:mysql:mysql:5.1.41

cpe:/a:mysql:mysql:5.1.42

cpe:/a:mysql:mysql:5.1.43

cpe:/a:mysql:mysql:5.1.44

cpe:/a:mysql:mysql:5.1.45

cpe:/a:mysql:mysql:5.1.46

cpe:/a:mysql:mysql:5.1.5

cpe:/a:mysql:mysql:5.1.5a

cpe:/a:mysql:mysql:5.1.6

cpe:/a:mysql:mysql:5.1.7

cpe:/a:mysql:mysql:5.1.8

cpe:/a:mysql:mysql:5.1.9

Vulnerability Analysis Results

[Access Vector] ^[?]

Undefined^[?]

Local^[?]

Adjacent Network^[?]

Network^[?]

[Access Complexit] ^[?]

Undefined^[?]

High^[?]

Medium^[?]

Low^[?]

[Authentication] ^[?]

Undefined^[?]

Multiple^[?]

Single^[?]

None^[?]

[Confidentiality Impact] ^[?]

Undefined^[?]

None^[?]

Partial^[?]

Complete^[?]

[Integrity Impact] ^[?]

Undefined^[?]

None^[?]

Partial^[?]

Complete^[?]

[Availability Impact] ^[?]

Undefined^[?]

None^[?]

Partial^[?]

Complete^[?]

Alternatives

References

CONFIRM http://dev.mysql.com/doc/refman/5.1/en/news-5-1-47.html

CONFIRM http://dev.mysql.com/doc/refman/5.0/en/news-5-0-91.html

CONFIRM http://bugs.mysql.com/bug.php?id=53371

MANDRIVA MDVSA-2010:107

MISC http://lists.mysql.com/commits/107532

REDHAT RHSA-2010:0442

SECTRACK 1024031

Vulnerability Type Path Traversal (CWE-22)