Rapid7 Vulnerability & Exploit Database

ELSA-2010-0824 Moderate: Oracle Linux mysql security update

Free InsightVM Trial No credit card necessary

Watch Demo See how it all works

Back to Search

ELSA-2010-0824 Moderate: Oracle Linux mysql security update

Severity

CVSS

(AV:N/AC:L/Au:S/C:P/I:P/A:P)

Published

06/07/2010

Created

07/25/2018

Added

12/20/2011

Modified

07/04/2017

Description

Directory traversal vulnerability in MySQL 5.0 through 5.0.91 and 5.1 before 5.1.47 allows remote authenticated users to bypass intended table grants to read field definitions of arbitrary tables, and on 5.1 to read or delete content of arbitrary tables, via a .. (dot dot) in a table name.

Solution(s)

oracle-linux-upgrade-mysql
oracle-linux-upgrade-mysql-bench
oracle-linux-upgrade-mysql-devel
oracle-linux-upgrade-mysql-server

References

https://attackerkb.com/topics/cve-2010-1848
APPLE-SA-2010-11-10-1
42633
43676
CVE - 2010-1848
CVE - 2010-3681
CVE - 2010-3840
DSA-2143
OVAL10258
OVAL7210
RHSA-2010:0442
RHSA-2010:0824
RHSA-2010:0825
RHSA-2011:0164
http://oss.oracle.com/pipermail/el-errata/2010-November/001722.html
64685
64838

Advanced vulnerability management analytics and reporting.

Key Features

Free InsightVM Trial View All Features

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;

Rapid7 Vulnerability & Exploit Database

ELSA-2010-0824 Moderate: Oracle Linux mysql security update

ELSA-2010-0824 Moderate: Oracle Linux mysql security update

Description

Solution(s)

References

Success! Thank you for submission. We will be in touch shortly.

Oops! There was a problem in submission. Please try again.

Submit your information and we will get in touch with you.