fkie_cve-2010-1626
Vulnerability from fkie_nvd
Published
2010-05-21 17:30
Modified
2025-04-11 00:51
Severity ?
Summary
MySQL before 5.1.46 allows local users to delete the data and index files of another user's MyISAM table via a symlink attack in conjunction with the DROP TABLE command, a different vulnerability than CVE-2008-4098 and CVE-2008-7247.
References
secalert@redhat.comhttp://bugs.mysql.com/bug.php?id=40980Patch
secalert@redhat.comhttp://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html
secalert@redhat.comhttp://lists.opensuse.org/opensuse-security-announce/2010-11/msg00005.html
secalert@redhat.comhttp://securitytracker.com/id?1024004
secalert@redhat.comhttp://www.mandriva.com/security/advisories?name=MDVSA-2010:101
secalert@redhat.comhttp://www.openwall.com/lists/oss-security/2010/05/10/2
secalert@redhat.comhttp://www.openwall.com/lists/oss-security/2010/05/18/4
secalert@redhat.comhttp://www.redhat.com/support/errata/RHSA-2010-0442.html
secalert@redhat.comhttp://www.securityfocus.com/bid/40257
secalert@redhat.comhttp://www.ubuntu.com/usn/USN-1397-1
secalert@redhat.comhttp://www.vupen.com/english/advisories/2010/1194Vendor Advisory
secalert@redhat.comhttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9490
af854a3a-2127-422b-91ae-364da2661108http://bugs.mysql.com/bug.php?id=40980Patch
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00005.html
af854a3a-2127-422b-91ae-364da2661108http://securitytracker.com/id?1024004
af854a3a-2127-422b-91ae-364da2661108http://www.mandriva.com/security/advisories?name=MDVSA-2010:101
af854a3a-2127-422b-91ae-364da2661108http://www.openwall.com/lists/oss-security/2010/05/10/2
af854a3a-2127-422b-91ae-364da2661108http://www.openwall.com/lists/oss-security/2010/05/18/4
af854a3a-2127-422b-91ae-364da2661108http://www.redhat.com/support/errata/RHSA-2010-0442.html
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/40257
af854a3a-2127-422b-91ae-364da2661108http://www.ubuntu.com/usn/USN-1397-1
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2010/1194Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9490
Impacted products
Vendor Product Version
mysql mysql *
mysql mysql 5.0.5.0.21
mysql mysql 5.0.15
mysql mysql 5.0.16
mysql mysql 5.0.17
mysql mysql 5.0.20
mysql mysql 5.0.24
mysql mysql 5.0.45b
mysql mysql 5.0.82
mysql mysql 5.0.84
mysql mysql 5.0.87
mysql mysql 5.1.5
mysql mysql 5.1.23
mysql mysql 5.1.31
mysql mysql 5.1.32
mysql mysql 5.1.34
mysql mysql 5.1.37
oracle mysql 5.0.18
oracle mysql 5.0.19
oracle mysql 5.0.21
oracle mysql 5.0.22
oracle mysql 5.0.23
oracle mysql 5.0.27
oracle mysql 5.0.33
oracle mysql 5.0.37
oracle mysql 5.0.41
oracle mysql 5.0.45
oracle mysql 5.0.51
oracle mysql 5.0.67
oracle mysql 5.0.75
oracle mysql 5.0.77
oracle mysql 5.0.81
oracle mysql 5.0.83
oracle mysql 5.0.85
oracle mysql 5.0.86
oracle mysql 5.0.88
oracle mysql 5.0.89
oracle mysql 5.0.90
oracle mysql 5.0.91
oracle mysql 5.1.30
oracle mysql 5.1.33
oracle mysql 5.1.35
oracle mysql 5.1.36
oracle mysql 5.1.38
oracle mysql 5.1.39
oracle mysql 5.1.40
oracle mysql 5.1.41
oracle mysql 5.1.42
oracle mysql 5.1.43
oracle mysql 5.1.44


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mysql:mysql:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C4BB16B9-9AE0-4A7A-B284-80F81D941462",
              "versionEndIncluding": "5.1.45",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mysql:mysql:5.0.5.0.21:*:*:*:*:*:*:*",
              "matchCriteriaId": "BDA03768-74D2-4C5D-ABCF-8A91F9E6C273",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mysql:mysql:5.0.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "45E686C3-4100-465C-9F45-068580B496E5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mysql:mysql:5.0.16:*:*:*:*:*:*:*",
              "matchCriteriaId": "6E9F09D8-6FAE-4A5B-AE04-248CD52C5FF4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mysql:mysql:5.0.17:*:*:*:*:*:*:*",
              "matchCriteriaId": "DB618DB2-6B00-4E99-8232-937D2C51986B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mysql:mysql:5.0.20:*:*:*:*:*:*:*",
              "matchCriteriaId": "665E063D-355D-4A5A-A05F-36BF582DE36F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mysql:mysql:5.0.24:*:*:*:*:*:*:*",
              "matchCriteriaId": "F4C6CD84-EA5D-451F-AFC3-5F7094F0017D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mysql:mysql:5.0.45b:*:*:*:*:*:*:*",
              "matchCriteriaId": "9A439745-2C5C-4AD1-AC41-35168806F780",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mysql:mysql:5.0.82:*:*:*:*:*:*:*",
              "matchCriteriaId": "9369CF20-D05C-41A2-8F9E-DE259FCF9E1C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mysql:mysql:5.0.84:*:*:*:*:*:*:*",
              "matchCriteriaId": "34DDFA0E-91D5-4B4C-8BB7-58B663D7F94F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mysql:mysql:5.0.87:*:*:*:*:*:*:*",
              "matchCriteriaId": "8CBB79BC-E3DD-439F-A19C-A8CA70942EC4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mysql:mysql:5.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "35BED939-3366-4CBF-B6BF-29C0C42E97F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mysql:mysql:5.1.23:*:*:*:*:*:*:*",
              "matchCriteriaId": "7D0F7A49-62A2-4201-B6F3-8DB9902A4480",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mysql:mysql:5.1.31:*:*:*:*:*:*:*",
              "matchCriteriaId": "2C56D394-4CE1-4237-A681-1474B5436CC7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mysql:mysql:5.1.32:*:*:*:*:*:*:*",
              "matchCriteriaId": "B2BFBC7B-5C23-4CDB-AE4F-721378C36B07",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mysql:mysql:5.1.34:*:*:*:*:*:*:*",
              "matchCriteriaId": "F68CA8CA-2755-450A-80E2-286A571987F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mysql:mysql:5.1.37:*:*:*:*:*:*:*",
              "matchCriteriaId": "6287E2C9-DF38-4E4E-A8E4-6AC6ADDC920D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql:5.0.18:*:*:*:*:*:*:*",
              "matchCriteriaId": "053ACE9B-A146-42C0-ADB2-47F6119965D8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql:5.0.19:*:*:*:*:*:*:*",
              "matchCriteriaId": "30B4F891-2A03-45A8-A49C-7F8B8F7D8407",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql:5.0.21:*:*:*:*:*:*:*",
              "matchCriteriaId": "69E62AC4-954E-476C-98BE-C138E328AE7B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql:5.0.22:*:*:*:*:*:*:*",
              "matchCriteriaId": "6B88385C-F5FB-401F-80D5-5BF11CE3C19D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql:5.0.23:*:*:*:*:*:*:*",
              "matchCriteriaId": "AA586E2B-A349-47C8-A17C-DA9016C6C3B5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql:5.0.27:*:*:*:*:*:*:*",
              "matchCriteriaId": "11873AEA-5D6C-4AC0-915A-8A2869B2EFF5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql:5.0.33:*:*:*:*:*:*:*",
              "matchCriteriaId": "5965032E-5BC0-4E69-B097-F9EE2B24C861",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql:5.0.37:*:*:*:*:*:*:*",
              "matchCriteriaId": "35F21A5A-F9C0-4860-80AD-1D3937483F28",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql:5.0.41:*:*:*:*:*:*:*",
              "matchCriteriaId": "4413BB52-6FBD-4C12-8864-ADDC65E45B25",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql:5.0.45:*:*:*:*:*:*:*",
              "matchCriteriaId": "F53A8437-C61A-4203-B341-B5596569E50B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql:5.0.51:*:*:*:*:*:*:*",
              "matchCriteriaId": "A8EBAE3C-F24D-4935-96BF-9541EC03B8F5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql:5.0.67:*:*:*:*:*:*:*",
              "matchCriteriaId": "C98C5EFF-B629-4FFF-B535-0C25DADD1C25",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql:5.0.75:*:*:*:*:*:*:*",
              "matchCriteriaId": "2FA3E354-4366-46B5-ACD2-E72D0C8320A0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql:5.0.77:*:*:*:*:*:*:*",
              "matchCriteriaId": "0C002047-0FB1-4DC6-9108-B4B5AAFAC16A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql:5.0.81:*:*:*:*:*:*:*",
              "matchCriteriaId": "584C0690-2826-4389-95AD-42048AEE1916",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql:5.0.83:*:*:*:*:*:*:*",
              "matchCriteriaId": "0CB85180-0F28-4281-BB59-E3F29BE25C9C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql:5.0.85:*:*:*:*:*:*:*",
              "matchCriteriaId": "2E96AD6D-3AC1-4232-B0A9-C31E1BF6B169",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql:5.0.86:*:*:*:*:*:*:*",
              "matchCriteriaId": "565E57C0-B6B9-4868-8907-B436E5D5C56F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql:5.0.88:*:*:*:*:*:*:*",
              "matchCriteriaId": "1A53D5E1-70FE-4816-B919-C6CCC4D93F56",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql:5.0.89:*:*:*:*:*:*:*",
              "matchCriteriaId": "5539B564-D3BD-4E25-A65F-57187C9DAC59",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql:5.0.90:*:*:*:*:*:*:*",
              "matchCriteriaId": "77E5871A-25F8-4EE6-B286-142F3A6222F4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql:5.0.91:*:*:*:*:*:*:*",
              "matchCriteriaId": "FA1024DA-7B19-4EC0-AD21-C521B14C44B5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql:5.1.30:*:*:*:*:*:*:*",
              "matchCriteriaId": "31B9607A-1E58-4471-BEDE-03484A1E9739",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql:5.1.33:*:*:*:*:*:*:*",
              "matchCriteriaId": "DDCB266F-E642-4447-8B9C-A58ED4D29227",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql:5.1.35:*:*:*:*:*:*:*",
              "matchCriteriaId": "AB79189C-344C-4D5D-A8D8-C3852F7BCFDF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql:5.1.36:*:*:*:*:*:*:*",
              "matchCriteriaId": "63A48A7A-8DE5-4278-AD0B-4736B45DF337",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql:5.1.38:*:*:*:*:*:*:*",
              "matchCriteriaId": "34E9C1C2-3F7E-4447-92B8-8D4F2A623812",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql:5.1.39:*:*:*:*:*:*:*",
              "matchCriteriaId": "25A6FDB0-A86C-4312-AB75-C2A942315DE6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql:5.1.40:*:*:*:*:*:*:*",
              "matchCriteriaId": "F47B75E9-46C7-45D9-86FA-CBD2B2F853BF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql:5.1.41:*:*:*:*:*:*:*",
              "matchCriteriaId": "D04AF072-B257-4025-BDD2-9B1519899ECE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql:5.1.42:*:*:*:*:*:*:*",
              "matchCriteriaId": "E2D79B84-CDC7-4F8B-A59A-E808ED05CC58",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql:5.1.43:*:*:*:*:*:*:*",
              "matchCriteriaId": "A5F0CA63-8A14-42C0-BD75-C38ACC121EDB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql:5.1.44:*:*:*:*:*:*:*",
              "matchCriteriaId": "D1E7868A-070E-4CF7-9A6E-1C20F0CC34CB",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "MySQL before 5.1.46 allows local users to delete the data and index files of another user\u0027s MyISAM table via a symlink attack in conjunction with the DROP TABLE command, a different vulnerability than CVE-2008-4098 and CVE-2008-7247."
    },
    {
      "lang": "es",
      "value": "MySQL en versiones anteriores a la v5.1.46 permite a los usuarios locales borrar los datos e \u00edndices de ficheros de tablas MyISAM de otros usuarios a trav\u00e9s de un  ataque de enlace simb\u00f3lico junto con un comando DROP TABLE, una vulnerabilidad diferente a la CVE-2008-4098 y CVE-2008-7247."
    }
  ],
  "id": "CVE-2010-1626",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 3.6,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 4.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2010-05-21T17:30:01.490",
  "references": [
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch"
      ],
      "url": "http://bugs.mysql.com/bug.php?id=40980"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00005.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://securitytracker.com/id?1024004"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:101"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.openwall.com/lists/oss-security/2010/05/10/2"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.openwall.com/lists/oss-security/2010/05/18/4"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.redhat.com/support/errata/RHSA-2010-0442.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securityfocus.com/bid/40257"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.ubuntu.com/usn/USN-1397-1"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2010/1194"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9490"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://bugs.mysql.com/bug.php?id=40980"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00005.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securitytracker.com/id?1024004"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:101"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openwall.com/lists/oss-security/2010/05/10/2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openwall.com/lists/oss-security/2010/05/18/4"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.redhat.com/support/errata/RHSA-2010-0442.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/40257"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.ubuntu.com/usn/USN-1397-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2010/1194"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9490"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-59"
        },
        {
          "lang": "en",
          "value": "CWE-264"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.