Published: 13/07/2010 Updated: 17/12/2019
CVSS v2 Base Score: 3.5 | Impact Score: 2.9 | Exploitability Score: 6.8
VMScore: 355
Vector: AV:N/AC:M/Au:S/C:N/I:N/A:P

Vulnerability Summary

MySQL prior to 5.1.48 allows remote authenticated users with alter database privileges to cause a denial of service (server crash and database loss) via an ALTER DATABASE command with a #mysql50# string followed by a . (dot), .. (dot dot), ../ (dot dot slash) or similar sequence, and an UPGRADE DATA DIRECTORY NAME command, which causes MySQL to move certain directories to the server data directory.

Vendor Advisories

It was discovered that MySQL incorrectly handled certain requests with the UPGRADE DATA DIRECTORY NAME command An authenticated user could exploit this to make MySQL crash, causing a denial of service This issue only affected Ubuntu 910 and 1004 LTS (CVE-2010-2008) ...


A vulnerability was reported in MySQL A remote authenticated user can cause denial of service conditions This issue affects versions prior to MySQL 5148 A remote authenticated user can send a specially crafted ALTER DATABASE command to cause the target server to move a data directory into a new subdirectory, causing the data directory to be ...