CVE-2008-7247
First published: Wed Nov 04 2009(Updated: )
sql/sql_table.cc in MySQL 5.0.x through 5.0.88, 5.1.x through 5.1.41, and 6.0 before 6.0.9-alpha, when the data home directory contains a symlink to a different filesystem, allows remote authenticated users to bypass intended access restrictions by calling CREATE TABLE with a (1) DATA DIRECTORY or (2) INDEX DIRECTORY argument referring to a subdirectory that requires following this symlink.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| MySQL (MySQL-common) | =5.0.0 | |
| MySQL (MySQL-common) | =5.0.1 | |
| MySQL (MySQL-common) | =5.0.2 | |
| MySQL (MySQL-common) | =5.0.3 | |
| MySQL (MySQL-common) | =5.0.4 | |
| MySQL (MySQL-common) | =5.0.5 | |
| MySQL (MySQL-common) | =5.0.5.0.21 | |
| MySQL (MySQL-common) | =5.0.10 | |
| MySQL (MySQL-common) | =5.0.15 | |
| MySQL (MySQL-common) | =5.0.16 | |
| MySQL (MySQL-common) | =5.0.17 | |
| MySQL (MySQL-common) | =5.0.20 | |
| MySQL (MySQL-common) | =5.0.22.1.0.1 | |
| MySQL (MySQL-common) | =5.0.24 | |
| MySQL (MySQL-common) | =5.0.30 | |
| MySQL (MySQL-common) | =5.0.36 | |
| MySQL (MySQL-common) | =5.0.44 | |
| MySQL (MySQL-common) | =5.0.54 | |
| MySQL (MySQL-common) | =5.0.56 | |
| MySQL (MySQL-common) | =5.0.60 | |
| MySQL (MySQL-common) | =5.0.66 | |
| MySQL (MySQL-common) | =5.0.82 | |
| MySQL (MySQL-common) | =5.1.5 | |
| MySQL (MySQL-common) | =5.1.23 | |
| MySQL (MySQL-common) | =5.1.32 | |
| MySQL (MySQL-common) | =6.0.9 | |
| Oracle MySQL | =5.0.0-alpha | |
| Oracle MySQL | =5.0.3-beta | |
| Oracle MySQL | =5.0.6 | |
| Oracle MySQL | =5.0.7 | |
| Oracle MySQL | =5.0.8 | |
| Oracle MySQL | =5.0.11 | |
| Oracle MySQL | =5.0.12 | |
| Oracle MySQL | =5.0.13 | |
| Oracle MySQL | =5.0.14 | |
| Oracle MySQL | =5.0.18 | |
| Oracle MySQL | =5.0.19 | |
| Oracle MySQL | =5.0.21 | |
| Oracle MySQL | =5.0.22 | |
| Oracle MySQL | =5.0.23 | |
| Oracle MySQL | =5.0.25 | |
| Oracle MySQL | =5.0.26 | |
| Oracle MySQL | =5.0.27 | |
| Oracle MySQL | =5.0.30-sp1 | |
| Oracle MySQL | =5.0.32 | |
| Oracle MySQL | =5.0.33 | |
| Oracle MySQL | =5.0.37 | |
| Oracle MySQL | =5.0.38 | |
| Oracle MySQL | =5.0.41 | |
| Oracle MySQL | =5.0.42 | |
| Oracle MySQL | =5.0.45 | |
| Oracle MySQL | =5.0.50 | |
| Oracle MySQL | =5.0.51 | |
| Oracle MySQL | =5.0.52 | |
| Oracle MySQL | =5.0.75 | |
| Oracle MySQL | =5.0.77 | |
| Oracle MySQL | =5.0.81 | |
| Oracle MySQL | =5.0.83 | |
| Oracle MySQL | =5.1 | |
| Oracle MySQL | =5.1.1 | |
| Oracle MySQL | =5.1.2 | |
| Oracle MySQL | =5.1.3 | |
| Oracle MySQL | =5.1.4 | |
| Oracle MySQL | =5.1.6 | |
| Oracle MySQL | =5.1.7 | |
| Oracle MySQL | =5.1.8 | |
| Oracle MySQL | =5.1.9 | |
| Oracle MySQL | =5.1.10 | |
| Oracle MySQL | =5.1.11 | |
| Oracle MySQL | =5.1.12 | |
| Oracle MySQL | =5.1.13 | |
| Oracle MySQL | =5.1.14 | |
| Oracle MySQL | =5.1.15 | |
| Oracle MySQL | =5.1.16 | |
| Oracle MySQL | =5.1.17 | |
| Oracle MySQL | =5.1.18 | |
| Oracle MySQL | =5.1.19 | |
| Oracle MySQL | =5.1.20 | |
| Oracle MySQL | =5.1.21 | |
| Oracle MySQL | =5.1.22 | |
| Oracle MySQL | =5.1.30 | |
| Oracle MySQL | =6.0.0 | |
| Oracle MySQL | =6.0.1 | |
| Oracle MySQL | =6.0.2 | |
| Oracle MySQL | =6.0.3 | |
| Oracle MySQL | =6.0.4 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://bugs.mysql.com/bug.php?id=39277
- http://marc.info/?l=oss-security&m=125908040022018&w=2
- http://lists.mysql.com/commits/59711
- https://bugzilla.redhat.com/show_bug.cgi?id=543619
- http://www.securityfocus.com/bid/38043
- http://secunia.com/advisories/38517
- http://ubuntu.com/usn/usn-897-1
- http://support.apple.com/kb/HT4077
- http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html
- http://www.mandriva.com/security/advisories?name=MDVSA-2010:044
- http://www.vupen.com/english/advisories/2010/1107
- http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html
- http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00005.html
- http://www.ubuntu.com/usn/USN-1397-1
- https://access.redhat.com/security/cve/CVE-2008-7247
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-7247
- http://lists.mysql.com/commits/91835
- https://access.redhat.com/security/cve/CVE-2008-4098
- http://bugs.mysql.com/file.php?id=10707&text=1
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=543619#c4
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=553653
- http://admin.fedoraproject.org/updates/mysql-5.1.42-7.fc12
- http://admin.fedoraproject.org/updates/mysql-5.1.42-7.fc11
- https://www.cve.org/CVERecord?id=CVE-2008-7247 https://nvd.nist.gov/vuln/detail/CVE-2008-7247
- https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-7247.json
Frequently Asked Questions
What is the severity of CVE-2008-7247?
CVE-2008-7247 has a high severity as it allows authenticated users to bypass access restrictions, potentially leading to unauthorized data access.
How do I fix CVE-2008-7247?
To fix CVE-2008-7247, update MySQL to a version newer than 5.0.88 or 5.1.41, or apply any provided patches that address this vulnerability.
Which versions of MySQL are affected by CVE-2008-7247?
CVE-2008-7247 affects MySQL versions 5.0.5 through 5.0.88 and 5.1.5 through 5.1.41, as well as 6.0 before 6.0.9-alpha.
What causes the vulnerability in CVE-2008-7247?
CVE-2008-7247 is caused by MySQL allowing remote authenticated users to use CREATE TABLE with a DATA DIRECTORY option that points to a symlink, bypassing intended access controls.
Who can be impacted by CVE-2008-7247?
Any environment running the affected versions of MySQL with remote authenticated users may be impacted by CVE-2008-7247, risking unauthorized data access.
- agent/type
- agent/first-publish-date
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2008-7247
- collector/redhat-cve
- agent/references
- agent/author
- agent/weakness
- agent/severity
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/event
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-historical
- vendor/mysql
- canonical/mysql (mysql-common)
- version/mysql (mysql-common)/5.0.0
- version/mysql (mysql-common)/5.0.1
- version/mysql (mysql-common)/5.0.2
- version/mysql (mysql-common)/5.0.3
- version/mysql (mysql-common)/5.0.4
- version/mysql (mysql-common)/5.0.5
- version/mysql (mysql-common)/5.0.5.0.21
- version/mysql (mysql-common)/5.0.10
- version/mysql (mysql-common)/5.0.15
- version/mysql (mysql-common)/5.0.16
- version/mysql (mysql-common)/5.0.17
- version/mysql (mysql-common)/5.0.20
- version/mysql (mysql-common)/5.0.22.1.0.1
- version/mysql (mysql-common)/5.0.24
- version/mysql (mysql-common)/5.0.30
- version/mysql (mysql-common)/5.0.36
- version/mysql (mysql-common)/5.0.44
- version/mysql (mysql-common)/5.0.54
- version/mysql (mysql-common)/5.0.56
- version/mysql (mysql-common)/5.0.60
- version/mysql (mysql-common)/5.0.66
- version/mysql (mysql-common)/5.0.82
- version/mysql (mysql-common)/5.1.5
- version/mysql (mysql-common)/5.1.23
- version/mysql (mysql-common)/5.1.32
- version/mysql (mysql-common)/6.0.9
- vendor/oracle
- canonical/oracle mysql
- version/oracle mysql/5.0.0-alpha
- version/oracle mysql/5.0.3-beta
- version/oracle mysql/5.0.6
- version/oracle mysql/5.0.7
- version/oracle mysql/5.0.8
- version/oracle mysql/5.0.11
- version/oracle mysql/5.0.12
- version/oracle mysql/5.0.13
- version/oracle mysql/5.0.14
- version/oracle mysql/5.0.18
- version/oracle mysql/5.0.19
- version/oracle mysql/5.0.21
- version/oracle mysql/5.0.22
- version/oracle mysql/5.0.23
- version/oracle mysql/5.0.25
- version/oracle mysql/5.0.26
- version/oracle mysql/5.0.27
- version/oracle mysql/5.0.30-sp1
- version/oracle mysql/5.0.32
- version/oracle mysql/5.0.33
- version/oracle mysql/5.0.37
- version/oracle mysql/5.0.38
- version/oracle mysql/5.0.41
- version/oracle mysql/5.0.42
- version/oracle mysql/5.0.45
- version/oracle mysql/5.0.50
- version/oracle mysql/5.0.51
- version/oracle mysql/5.0.52
- version/oracle mysql/5.0.75
- version/oracle mysql/5.0.77
- version/oracle mysql/5.0.81
- version/oracle mysql/5.0.83
- version/oracle mysql/5.1
- version/oracle mysql/5.1.1
- version/oracle mysql/5.1.2
- version/oracle mysql/5.1.3
- version/oracle mysql/5.1.4
- version/oracle mysql/5.1.6
- version/oracle mysql/5.1.7
- version/oracle mysql/5.1.8
- version/oracle mysql/5.1.9
- version/oracle mysql/5.1.10
- version/oracle mysql/5.1.11
- version/oracle mysql/5.1.12
- version/oracle mysql/5.1.13
- version/oracle mysql/5.1.14
- version/oracle mysql/5.1.15
- version/oracle mysql/5.1.16
- version/oracle mysql/5.1.17
- version/oracle mysql/5.1.18
- version/oracle mysql/5.1.19
- version/oracle mysql/5.1.20
- version/oracle mysql/5.1.21
- version/oracle mysql/5.1.22
- version/oracle mysql/5.1.30
- version/oracle mysql/6.0.0
- version/oracle mysql/6.0.1
- version/oracle mysql/6.0.2
- version/oracle mysql/6.0.3
- version/oracle mysql/6.0.4