cve-2009-4030
Vulnerability from cvelistv5
Published
2009-11-30 17:00
Modified
2024-08-07 06:45
Severity ?
Summary
MySQL 5.1.x before 5.1.41 allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified (1) DATA DIRECTORY or (2) INDEX DIRECTORY arguments that are originally associated with pathnames without symlinks, and that can point to tables created at a future time at which a pathname is modified to contain a symlink to a subdirectory of the MySQL data home directory, related to incorrect calculation of the mysql_unpacked_real_data_home value. NOTE: this vulnerability exists because of an incomplete fix for CVE-2008-4098 and CVE-2008-2079.
References
secalert@redhat.comhttp://bugs.mysql.com/bug.php?id=32167
secalert@redhat.comhttp://dev.mysql.com/doc/refman/5.1/en/news-5-1-41.html
secalert@redhat.comhttp://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html
secalert@redhat.comhttp://lists.mysql.com/commits/89940
secalert@redhat.comhttp://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html
secalert@redhat.comhttp://lists.opensuse.org/opensuse-security-announce/2010-11/msg00005.html
secalert@redhat.comhttp://marc.info/?l=oss-security&m=125908040022018&w=2
secalert@redhat.comhttp://marc.info/?l=oss-security&m=125908080222685&w=2
secalert@redhat.comhttp://secunia.com/advisories/38517
secalert@redhat.comhttp://secunia.com/advisories/38573
secalert@redhat.comhttp://support.apple.com/kb/HT4077
secalert@redhat.comhttp://ubuntu.com/usn/usn-897-1
secalert@redhat.comhttp://www.debian.org/security/2010/dsa-1997
secalert@redhat.comhttp://www.openwall.com/lists/oss-security/2009/11/19/3
secalert@redhat.comhttp://www.openwall.com/lists/oss-security/2009/11/24/6
secalert@redhat.comhttp://www.redhat.com/support/errata/RHSA-2010-0109.html
secalert@redhat.comhttp://www.redhat.com/support/errata/RHSA-2010-0110.html
secalert@redhat.comhttp://www.ubuntu.com/usn/USN-1397-1
secalert@redhat.comhttp://www.vupen.com/english/advisories/2010/1107
secalert@redhat.comhttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11116
secalert@redhat.comhttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8156
af854a3a-2127-422b-91ae-364da2661108http://bugs.mysql.com/bug.php?id=32167
af854a3a-2127-422b-91ae-364da2661108http://dev.mysql.com/doc/refman/5.1/en/news-5-1-41.html
af854a3a-2127-422b-91ae-364da2661108http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html
af854a3a-2127-422b-91ae-364da2661108http://lists.mysql.com/commits/89940
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00005.html
af854a3a-2127-422b-91ae-364da2661108http://marc.info/?l=oss-security&m=125908040022018&w=2
af854a3a-2127-422b-91ae-364da2661108http://marc.info/?l=oss-security&m=125908080222685&w=2
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/38517
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/38573
af854a3a-2127-422b-91ae-364da2661108http://support.apple.com/kb/HT4077
af854a3a-2127-422b-91ae-364da2661108http://ubuntu.com/usn/usn-897-1
af854a3a-2127-422b-91ae-364da2661108http://www.debian.org/security/2010/dsa-1997
af854a3a-2127-422b-91ae-364da2661108http://www.openwall.com/lists/oss-security/2009/11/19/3
af854a3a-2127-422b-91ae-364da2661108http://www.openwall.com/lists/oss-security/2009/11/24/6
af854a3a-2127-422b-91ae-364da2661108http://www.redhat.com/support/errata/RHSA-2010-0109.html
af854a3a-2127-422b-91ae-364da2661108http://www.redhat.com/support/errata/RHSA-2010-0110.html
af854a3a-2127-422b-91ae-364da2661108http://www.ubuntu.com/usn/USN-1397-1
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2010/1107
af854a3a-2127-422b-91ae-364da2661108https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11116
af854a3a-2127-422b-91ae-364da2661108https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8156
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T06:45:51.096Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "38573",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/38573"
          },
          {
            "name": "USN-1397-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-1397-1"
          },
          {
            "name": "38517",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/38517"
          },
          {
            "name": "RHSA-2010:0109",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2010-0109.html"
          },
          {
            "name": "ADV-2010-1107",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2010/1107"
          },
          {
            "name": "[oss-security] 20091124 Re: mysql-5.1.41",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2009/11/24/6"
          },
          {
            "name": "USN-897-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://ubuntu.com/usn/usn-897-1"
          },
          {
            "name": "SUSE-SR:2010:011",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html"
          },
          {
            "name": "APPLE-SA-2010-03-29-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html"
          },
          {
            "name": "[oss-security] 20091119 mysql-5.1.41",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2009/11/19/3"
          },
          {
            "name": "[oss-security] 20091124 Re: mysql-5.1.41",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=oss-security\u0026m=125908080222685\u0026w=2"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://dev.mysql.com/doc/refman/5.1/en/news-5-1-41.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.apple.com/kb/HT4077"
          },
          {
            "name": "[oss-security] 20091124 Re: mysql-5.1.41",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=oss-security\u0026m=125908040022018\u0026w=2"
          },
          {
            "name": "oval:org.mitre.oval:def:11116",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11116"
          },
          {
            "name": "RHSA-2010:0110",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2010-0110.html"
          },
          {
            "name": "SUSE-SR:2010:021",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00005.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://bugs.mysql.com/bug.php?id=32167"
          },
          {
            "name": "[commits] 20091110 bzr commit into mysql-5.0-bugteam branch (joro:2845) Bug#32167",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://lists.mysql.com/commits/89940"
          },
          {
            "name": "oval:org.mitre.oval:def:8156",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8156"
          },
          {
            "name": "DSA-1997",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2010/dsa-1997"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2009-11-05T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "MySQL 5.1.x before 5.1.41 allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified (1) DATA DIRECTORY or (2) INDEX DIRECTORY arguments that are originally associated with pathnames without symlinks, and that can point to tables created at a future time at which a pathname is modified to contain a symlink to a subdirectory of the MySQL data home directory, related to incorrect calculation of the mysql_unpacked_real_data_home value.  NOTE: this vulnerability exists because of an incomplete fix for CVE-2008-4098 and CVE-2008-2079."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-01-04T18:57:02",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "38573",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/38573"
        },
        {
          "name": "USN-1397-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-1397-1"
        },
        {
          "name": "38517",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/38517"
        },
        {
          "name": "RHSA-2010:0109",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2010-0109.html"
        },
        {
          "name": "ADV-2010-1107",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2010/1107"
        },
        {
          "name": "[oss-security] 20091124 Re: mysql-5.1.41",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2009/11/24/6"
        },
        {
          "name": "USN-897-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://ubuntu.com/usn/usn-897-1"
        },
        {
          "name": "SUSE-SR:2010:011",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html"
        },
        {
          "name": "APPLE-SA-2010-03-29-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html"
        },
        {
          "name": "[oss-security] 20091119 mysql-5.1.41",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2009/11/19/3"
        },
        {
          "name": "[oss-security] 20091124 Re: mysql-5.1.41",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://marc.info/?l=oss-security\u0026m=125908080222685\u0026w=2"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://dev.mysql.com/doc/refman/5.1/en/news-5-1-41.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.apple.com/kb/HT4077"
        },
        {
          "name": "[oss-security] 20091124 Re: mysql-5.1.41",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://marc.info/?l=oss-security\u0026m=125908040022018\u0026w=2"
        },
        {
          "name": "oval:org.mitre.oval:def:11116",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11116"
        },
        {
          "name": "RHSA-2010:0110",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2010-0110.html"
        },
        {
          "name": "SUSE-SR:2010:021",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00005.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://bugs.mysql.com/bug.php?id=32167"
        },
        {
          "name": "[commits] 20091110 bzr commit into mysql-5.0-bugteam branch (joro:2845) Bug#32167",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://lists.mysql.com/commits/89940"
        },
        {
          "name": "oval:org.mitre.oval:def:8156",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8156"
        },
        {
          "name": "DSA-1997",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2010/dsa-1997"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2009-4030",
    "datePublished": "2009-11-30T17:00:00",
    "dateReserved": "2009-11-20T00:00:00",
    "dateUpdated": "2024-08-07T06:45:51.096Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2009-4030\",\"sourceIdentifier\":\"secalert@redhat.com\",\"published\":\"2009-11-30T17:30:00.360\",\"lastModified\":\"2024-11-21T01:08:46.767\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"MySQL 5.1.x before 5.1.41 allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified (1) DATA DIRECTORY or (2) INDEX DIRECTORY arguments that are originally associated with pathnames without symlinks, and that can point to tables created at a future time at which a pathname is modified to contain a symlink to a subdirectory of the MySQL data home directory, related to incorrect calculation of the mysql_unpacked_real_data_home value.  NOTE: this vulnerability exists because of an incomplete fix for CVE-2008-4098 and CVE-2008-2079.\"},{\"lang\":\"es\",\"value\":\"MySQL v5.1.x anteriores a v5.1.41 permite a usuarios locales evitar ciertas comprobaciones de privilegios invocando CREATE TABLE en una tabla MyISAM con los argumentos (1) DATA DIRECTORY o (2) INDEX DIRECTORY modificados que estan originariamente asociados con pathnames (rutas) sin symlinks, y que pueden apuntar a tables creadas en un futuro en el cual un pathname (ruta) es modificado para contener un symlink a un subdirectorio del directorio home de datos de MySQL. Vulnerabilidad relacionada con una c\u00e1lculo incorrecto del valor mysql_unpacked_real_data_home value.  NOTA: esta vulnerabilidad existe debido a una soluci\u00f3n incompleta al CVE-2008-4098 y CVE-2008-2079.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:L/AC:M/Au:N/C:P/I:P/A:P\",\"baseScore\":4.4,\"accessVector\":\"LOCAL\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":3.4,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-59\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mysql:mysql:5.1.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"35BED939-3366-4CBF-B6BF-29C0C42E97F7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mysql:mysql:5.1.23:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7D0F7A49-62A2-4201-B6F3-8DB9902A4480\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mysql:mysql:5.1.32:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B2BFBC7B-5C23-4CDB-AE4F-721378C36B07\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:mysql:5.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F58612F4-1CAC-4BFC-A9B2-3D4025F428FF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:mysql:5.1.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"73F49A1D-BCA3-4772-8AB3-621CCC997B3A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:mysql:5.1.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F719DD8E-8379-43C3-97F9-DE350E457F7F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:mysql:5.1.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"342BB65B-1358-441C-B59A-1756BCC6414A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:mysql:5.1.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8589B1E7-0D6D-44B4-A36E-8225C5D15828\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:mysql:5.1.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"88FEEE64-899F-4F55-B829-641706E29E32\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:mysql:5.1.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D8597F56-BB14-480C-91CD-CAB96A9DDD8D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:mysql:5.1.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7F4C5C88-95A7-4DDA-BC2F-CAFA47B0D67A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:mysql:5.1.9:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5EB2323C-EFE2-407A-9AE9-8717FA9F8625\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:mysql:5.1.10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6341F695-6034-4CC1-9485-ACD3A0E1A079\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:mysql:5.1.11:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D1DF5F19-ECD9-457F-89C6-6F0271CF4766\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:mysql:5.1.12:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"446DB5E9-EF4C-4A53-911E-91A802AECA5D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:mysql:5.1.13:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5829BE6A-BC58-482B-9DA1-04FDD413A7A9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:mysql:5.1.14:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C85D20DF-702B-4F0B-922D-782474A4B663\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:mysql:5.1.15:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"73A09785-3CA4-4797-A836-A958DCDC322F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:mysql:5.1.16:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C4DE3D79-0966-4E14-9288-7C269A2CEEC3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:mysql:5.1.17:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"564F6A24-BEB3-4420-A633-8AD54C292436\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:mysql:5.1.18:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"047FBCCD-DE7C-41FA-80A3-AD695C643C7A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:mysql:5.1.19:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"687CC501-4CB2-4295-86F6-A5E45DEC2D0D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:mysql:5.1.20:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"822A718D-AD9D-4AB9-802F-5F5C6309D809\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:mysql:5.1.21:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CA2D4002-FD96-462D-BA55-4624170CAA4C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:mysql:5.1.22:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0A40FE1C-6EB0-4C75-867E-B1F8408E5A0A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:mysql:5.1.30:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"31B9607A-1E58-4471-BEDE-03484A1E9739\"}]}]}],\"references\":[{\"url\":\"http://bugs.mysql.com/bug.php?id=32167\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://dev.mysql.com/doc/refman/5.1/en/news-5-1-41.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://lists.mysql.com/commits/89940\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00005.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://marc.info/?l=oss-security\u0026m=125908040022018\u0026w=2\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://marc.info/?l=oss-security\u0026m=125908080222685\u0026w=2\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://secunia.com/advisories/38517\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://secunia.com/advisories/38573\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://support.apple.com/kb/HT4077\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://ubuntu.com/usn/usn-897-1\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.debian.org/security/2010/dsa-1997\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.openwall.com/lists/oss-security/2009/11/19/3\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.openwall.com/lists/oss-security/2009/11/24/6\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2010-0109.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2010-0110.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.ubuntu.com/usn/USN-1397-1\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.vupen.com/english/advisories/2010/1107\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11116\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8156\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://bugs.mysql.com/bug.php?id=32167\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://dev.mysql.com/doc/refman/5.1/en/news-5-1-41.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://lists.mysql.com/commits/89940\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00005.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://marc.info/?l=oss-security\u0026m=125908040022018\u0026w=2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://marc.info/?l=oss-security\u0026m=125908080222685\u0026w=2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/38517\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/38573\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://support.apple.com/kb/HT4077\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://ubuntu.com/usn/usn-897-1\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.debian.org/security/2010/dsa-1997\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.openwall.com/lists/oss-security/2009/11/19/3\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.openwall.com/lists/oss-security/2009/11/24/6\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2010-0109.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2010-0110.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.ubuntu.com/usn/USN-1397-1\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vupen.com/english/advisories/2010/1107\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11116\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8156\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading…

Loading…

Loading…

Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.