Common Vulnerabilities and Exposures assigned an identifier CVE-2010-2008 to
the following vulnerability:

Name: CVE-2010-2008
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2008
Assigned: 20100521
Reference: CONFIRM: http://bugs.mysql.com/bug.php?id=53804
Reference: CONFIRM: http://dev.mysql.com/doc/refman/5.1/en/news-5-1-48.html
Reference: BID:41198
Reference: URL: http://www.securityfocus.com/bid/41198
Reference: SECTRACK:1024160
Reference: URL: http://www.securitytracker.com/id?1024160
Reference: SECUNIA:40333
Reference: URL: http://secunia.com/advisories/40333

MySQL before 5.1.48 allows remote authenticated users with alter
database privileges to cause a denial of service (server crash and
database loss) via an ALTER DATABASE command with a #mysql50# string
followed by a . (dot), .. (dot dot), ../ (dot dot slash) or similar
sequence, and an UPGRADE DATA DIRECTORY NAME command, which causes
MySQL to move certain directories to the server data directory.


NOTE: The CVE description above is not entirely correct.  The '#mysql50#' string is incidental; it's the special commands at the end that make the difference.

Also note that the UPGRADE DATA DIRECTORY NAME [1] was introduced in MySQL 5.1.23 in order to encode database names to make them safe on all operating systems.  So any database names with special characters in them (i.e. '-', '.', ':', etc would get automatically encoded on upgrades from previous versions of MySQL to a >=5.1.23 install (could affect migrations from Red Hat Enterprise Linux 5 to 6).

This only affects Red Hat Enterprise Linux 6 beta and Fedora (rawhide has 5.1.48 which has the issue corrected).

[1] http://dev.mysql.com/doc/refman/5.1/en/alter-database.html