REDHAT-BUG-543619
First published: Wed Dec 02 2009(Updated: )
Common Vulnerabilities and Exposures assigned an identifier <a href="https://access.redhat.com/security/cve/CVE-2008-7247">CVE-2008-7247</a> to the following vulnerability: sql/sql_table.cc in MySQL 5.0.x through 5.0.88, 5.1.x through 5.1.41, and 6.0 before 6.0.9-alpha, when the data home directory contains a symlink to a different filesystem, allows remote authenticated users to bypass intended access restrictions by calling CREATE TABLE with a (1) DATA DIRECTORY or (2) INDEX DIRECTORY argument referring to a subdirectory that requires following this symlink. References: ----------- <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-7247">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-7247</a> <a href="http://lists.mysql.com/commits/59711">http://lists.mysql.com/commits/59711</a> <a href="http://marc.info/?l=oss-security&m=125908040022018&w=2">http://marc.info/?l=oss-security&m=125908040022018&w=2</a> <a href="http://bugs.mysql.com/bug.php?id=39277">http://bugs.mysql.com/bug.php?id=39277</a> Upstream patch: --------------- <a href="http://lists.mysql.com/commits/59711">http://lists.mysql.com/commits/59711</a>
| Affected Software | Affected Version | How to fix |
|---|---|---|
| MySQL Server | >=5.0.0<5.0.88>=5.1.0<5.1.41<6.0.9-alpha |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://access.redhat.com/security/cve/CVE-2008-7247
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-7247
- http://lists.mysql.com/commits/59711
- http://marc.info/?l=oss-security&m=125908040022018&w=2
- http://bugs.mysql.com/bug.php?id=39277
- http://lists.mysql.com/commits/91835
- https://access.redhat.com/security/cve/CVE-2008-4098
- http://bugs.mysql.com/file.php?id=10707&text=1
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=543619#c4
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=553653
- http://admin.fedoraproject.org/updates/mysql-5.1.42-7.fc12
- http://admin.fedoraproject.org/updates/mysql-5.1.42-7.fc11
- https://bugzilla.redhat.com/show_bug.cgi?id=543619
Frequently Asked Questions
What is the severity of REDHAT-BUG-543619?
The severity of REDHAT-BUG-543619 is significant due to potential data exposure and unauthorized access.
How do I fix REDHAT-BUG-543619?
To fix REDHAT-BUG-543619, upgrade MySQL to a version beyond 5.1.41 or 6.0.9-alpha.
Which versions of MySQL are affected by REDHAT-BUG-543619?
MySQL versions 5.0.x through 5.0.88, 5.1.x through 5.1.41, and all 6.0.x versions before 6.0.9-alpha are affected.
What is the nature of the vulnerability in REDHAT-BUG-543619?
REDHAT-BUG-543619 involves an issue in sql/sql_table.cc that can lead to data home directory exposure.
Is there a workaround for REDHAT-BUG-543619?
There are no known workarounds for REDHAT-BUG-543619; updating to a secure version is recommended.
- agent/type
- agent/last-modified-date
- agent/first-publish-date
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2008-7247
- agent/references
- agent/severity
- agent/description
- agent/event
- agent/source
- agent/softwarecombine
- agent/tags
- agent/guess-ai
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/mysql
- canonical/mysql server