Common Vulnerabilities and Exposures assigned an identifier CVE-2010-2008 to the following vulnerability:

Name: CVE-2010-2008
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2008
Assigned: 20100521
Reference: CONFIRM: http://bugs.mysql.com/bug.php?id=53804
Reference: CONFIRM: http://dev.mysql.com/doc/refman/5.1/en/news-5-1-48.html
Reference: BID:41198
Reference: URL: http://www.securityfocus.com/bid/41198
Reference: SECTRACK:1024160
Reference: URL: http://www.securitytracker.com/id?1024160
Reference: SECUNIA:40333
Reference: URL: http://secunia.com/advisories/40333

MySQL before 5.1.48 allows remote authenticated users with alter database privileges to cause a denial of service (server crash and database loss) via an ALTER DATABASE command with a #mysql50# string followed by a . (dot), .. (dot dot), ../ (dot dot slash) or similar sequence, and an UPGRADE DATA DIRECTORY NAME command, which causes MySQL to move certain directories to the server data directory.

NOTE: The CVE description above is not entirely correct. The '#mysql50#' string is incidental; it's the special commands at the end that make the difference.

Also note that the UPGRADE DATA DIRECTORY NAME [1] was introduced in MySQL 5.1.23 in order to encode database names to make them safe on all operating systems. So any database names with special characters in them (i.e. '-', '.', ':', etc.) would get automatically encoded on upgrades from previous versions of MySQL to a >=5.1.23 install (could affect migrations from Red Hat Enterprise Linux 5 to 6).

This only affects Red Hat Enterprise Linux 6 beta and Fedora (rawhide has 5.1.48 which has the issue corrected).

[1] http://dev.mysql.com/doc/refman/5.1/en/alter-database.html
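
A detection check for the statement shape named in the CVE text, as an added example that is not part of the original bug report or MySQL's own code: it scans query-log lines for ALTER DATABASE ... UPGRADE DATA DIRECTORY NAME statements whose database name, with or without the #mysql50# prefix, is a dot sequence or contains a path separator. The log line layout, the sample lines and the function names are constructed for illustration.

```python
import re

# Matches ALTER {DATABASE|SCHEMA} <name> UPGRADE DATA DIRECTORY NAME; the name
# may be backtick-quoted (with `` as an escaped backtick) or bare.
STMT = re.compile(
    r"ALTER\s+(?:DATABASE|SCHEMA)\s+(?:`((?:[^`]|``)+)`|(\S+))\s+"
    r"UPGRADE\s+DATA\s+DIRECTORY\s+NAME",
    re.IGNORECASE,
)
PREFIX = "#mysql50#"

# Constructed sample lines in an assumed general-query-log layout.
SAMPLE_LOG = [
    "100701 10:01:02  12 Query  ALTER DATABASE `#mysql50#sales-2010` UPGRADE DATA DIRECTORY NAME",
    "100701 10:01:09  12 Query  ALTER DATABASE `#mysql50#.` UPGRADE DATA DIRECTORY NAME",
    "100701 10:01:15  12 Query  alter database `#mysql50#../` upgrade data directory name",
    "100701 10:02:00  13 Query  ALTER DATABASE reports CHARACTER SET utf8",
]


def suspicious_name(db_name):
    """True if the name, minus the optional #mysql50# prefix, is empty,
    made only of dots, or contains a path separator."""
    name = db_name.replace("``", "`")
    if name.lower().startswith(PREFIX):
        name = name[len(PREFIX):]
    if name == "" or "/" in name or "\\" in name:
        return True
    return set(name) == {"."}


def scan(lines):
    """Return (line_number, db_name) for each flagged statement."""
    hits = []
    for number, line in enumerate(lines, start=1):
        for match in STMT.finditer(line):
            db_name = match.group(1) or match.group(2)
            if suspicious_name(db_name):
                hits.append((number, db_name))
    return hits


if __name__ == "__main__":
    for number, db_name in scan(SAMPLE_LOG):
        print(f"line {number}: suspicious UPGRADE DATA DIRECTORY NAME target {db_name!r}")
```

Names such as `#mysql50#sales-2010` are the legitimate use of the statement and are not flagged; treating an empty name after the prefix as suspicious is a conservative choice made for this example.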
Created mysql tracking bugs for this issue

Affects: fedora-all [bug 614216]
mysql-5.1.48-2.fc13 has been pushed to the Fedora 13 stable repository. If problems still persist, please make note of it in this bug report.
mysql-5.1.47-2.fc12 has been pushed to the Fedora 12 stable repository. If problems still persist, please make note of it in this bug report.