- 34,644
- 0
- 18 Дек 2022
- EDB-ID
- 14537
- Проверка EDB
-
- Пройдено
- Автор
- SHANE BESTER
- Тип уязвимости
- DOS
- Платформа
- MULTIPLE
- CVE
- cve-2010-2008
- Дата публикации
- 2010-08-03
Код:
A vulnerability was reported in MySQL. A remote authenticated user can cause denial of service conditions.
This issue affects versions prior to MySQL 5.1.48.
A remote authenticated user can send a specially crafted ALTER DATABASE command to cause the target server to move a data directory into a new subdirectory, causing the data directory to become unusable.
A demonstration exploit request is provided [where "<special>" is "." or ".." or is a sequence that begins with "./" or "../"]:
ALTER DATABASE `#mysql50#<special>` UPGRADE DATA DIRECTORY NAME
Vendor advisory at:
http://dev.mysql.com/doc/refman/5.1/en/news-5-1-48.html- Источник
- www.exploit-db.com
