CVE-2010-1848
Published: 21 May 2010
Directory traversal vulnerability in MySQL 5.0 through 5.0.91 and 5.1 before 5.1.47 allows remote authenticated users to bypass intended table grants to read field definitions of arbitrary tables, and on 5.1 to read or delete content of arbitrary tables, via a .. (dot dot) in a table name.
Priority
Status
| Package | Release | Status |
|---|---|---|
|
mysql-5.1 Launchpad, Ubuntu, Debian |
dapper |
Does not exist
|
| hardy |
Does not exist
|
|
| jaunty |
Does not exist
|
|
| karmic |
Does not exist
|
|
| lucid |
Does not exist
|
|
| maverick |
Not vulnerable
(5.1.47-1ubuntu1)
|
|
| natty |
Not vulnerable
(5.1.47-1ubuntu1)
|
|
| upstream |
Needs triage
|
|
|
mysql-dfsg-5.0 Launchpad, Ubuntu, Debian |
dapper |
Released
(5.0.22-0ubuntu6.06.14)
|
| hardy |
Released
(5.0.51a-3ubuntu5.7)
|
|
| jaunty |
Released
(5.1.30really5.0.75-0ubuntu10.5)
|
|
| karmic |
Ignored
(end of life)
|
|
| lucid |
Does not exist
|
|
| maverick |
Does not exist
|
|
| natty |
Does not exist
|
|
| upstream |
Released
(5.0.91)
|
|
|
Patches: upstream: http://bazaar.launchpad.net/~mysql/mysql-server/mysql-5.0-bugteam/revision/2861 |
||
|
mysql-dfsg-5.1 Launchpad, Ubuntu, Debian |
dapper |
Does not exist
|
| hardy |
Does not exist
|
|
| jaunty |
Ignored
(end of life)
|
|
| karmic |
Released
(5.1.37-1ubuntu5.4)
|
|
| lucid |
Released
(5.1.41-3ubuntu12.3)
|
|
| maverick |
Does not exist
|
|
| natty |
Does not exist
|
|
| upstream |
Released
(5.1.47)
|
|
|
Patches: upstream: http://bazaar.launchpad.net/~mysql/mysql-server/mysql-5.1-bugteam/revision/3367 |
||