29 Jul 2010, 3:56 p.m.
This seems to affect the released versions of MariaDB as well since they are based on 5.1.47 upstream as far as I can tell.

CVE-2010-2008 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2008): MySQL before 5.1.48 allows remote authenticated users with alter database privileges to cause a denial of service (server crash and database loss) via an ALTER DATABASE command with a #mysql50# string followed by a . (dot), .. (dot dot), ../ (dot dot slash) or similar sequence, and an UPGRADE DATA DIRECTORY NAME command, which causes MySQL to move certain directories to the server data directory.
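For servers still running a build older than 5.1.48, the statement shape named in the CVE text can be looked for in the general query log. The following is an added example, not part of the original message or of MySQL/MariaDB code; the log line layout, the sample lines and the function names are assumptions, and treating any path separator after the prefix as a "similar sequence" is a heuristic.

```python
import re

# ALTER DATABASE/SCHEMA `<identifier>` UPGRADE DATA DIRECTORY NAME,
# with a backtick-quoted identifier (a doubled backtick is an escaped backtick).
UPGRADE_RE = re.compile(
    r"ALTER\s+(?:DATABASE|SCHEMA)\s+`((?:[^`]|``)*)`"
    r"\s+UPGRADE\s+DATA\s+DIRECTORY\s+NAME",
    re.IGNORECASE,
)
PREFIX = "#mysql50#"


def is_suspicious_name(identifier):
    """True when the text after #mysql50# is empty, only dots, or a path."""
    if not identifier.startswith(PREFIX):
        return False
    rest = identifier[len(PREFIX):]
    if rest == "":
        return True
    if "/" in rest or "\\" in rest:  # heuristic for "similar sequence"
        return True
    return set(rest) == {"."}  # ".", "..", "..." and so on


def scan(lines):
    """Return (line_number, identifier) for each matching statement."""
    hits = []
    for lineno, line in enumerate(lines, 1):
        for match in UPGRADE_RE.finditer(line):
            name = match.group(1).replace("``", "`")
            if is_suspicious_name(name):
                hits.append((lineno, name))
    return hits


# Constructed sample lines in an assumed general-query-log layout.
SAMPLE_LOG = [
    "100729 15:50:01   12 Query\tALTER DATABASE `#mysql50#a-b-c` UPGRADE DATA DIRECTORY NAME",
    "100729 15:50:07   14 Query\tALTER DATABASE `#mysql50#.` UPGRADE DATA DIRECTORY NAME",
    "100729 15:50:09   14 Query\talter schema `#mysql50#../` upgrade data directory name",
    "100729 15:50:12   15 Query\tALTER DATABASE `shop` CHARACTER SET utf8",
    "100729 15:50:15   14 Query\tALTER DATABASE `#mysql50#..` UPGRADE DATA DIRECTORY NAME",
]

if __name__ == "__main__":
    for lineno, name in scan(SAMPLE_LOG):
        print(f"line {lineno}: suspicious UPGRADE DATA DIRECTORY NAME on {name!r}")
```

The first sample line is the legitimate use of the statement (renaming a pre-5.1 directory such as `a-b-c`) and is deliberately not flagged.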