CVE-2010-2008

Priority
Description
MySQL before 5.1.48 allows remote authenticated users with alter database
privileges to cause a denial of service (server crash and database loss)
via an ALTER DATABASE command with a #mysql50# string followed by a .
(dot), .. (dot dot), ../ (dot dot slash) or similar sequence, and an
UPGRADE DATA DIRECTORY NAME command, which causes MySQL to move certain
directories to the server data directory.
Notes
jdstrandPoC in upstream report (remeber to add UPGRADE DATA DIRECTORY NAME)
Package
Upstream:released (5.1.48, 5.5.5)
Package
Upstream:not-affected
Package
Upstream:not-affected
More Information

Updated: 2020-09-10 01:35:59 UTC (commit 81a23a978c4436cd99e1d040e9e73e9146876281)