Total vulnerabilities in the database
MySQL before 5.1.48 allows remote authenticated users with alter database privileges to cause a denial of service (server crash and database loss) via an ALTER DATABASE command with a #mysql50# string followed by a . (dot), .. (dot dot), ../ (dot dot slash) or similar sequence, and an UPGRADE DATA DIRECTORY NAME command, which causes MySQL to move certain directories to the server data directory.
| Software | From | Fixed in |
|---|---|---|
| oracle / mysql | - | 5.1.48 |
| canonical / ubuntu_linux | 10.10 | 10.10.x |
| canonical / ubuntu_linux | 11.04 | 11.04.x |
| canonical / ubuntu_linux | 11.10 | 11.10.x |
| canonical / ubuntu_linux | 9.10 | 9.10.x |
| canonical / ubuntu_linux | 8.04 | 8.04.x |
| canonical / ubuntu_linux | 10.04 | 10.04.x |
| canonical / ubuntu_linux | 6.06 | 6.06.x |
| fedoraproject / fedora | 13 | 13.x |