[] NeoSense
E X P L O I T S
title author type platform port cve id

Oracle MySQL - 'ALTER DATABASE' Remote Denial of Service

Author: Shane Bester
type: dos
platform: multiple
port: 
date_added: 2010-08-03 
date_updated: 2010-08-03 
verified: 1 
codes: CVE-2010-2008;OSVDB-65851 
tags: 
aliases:  
screenshot_url:  
application_url: 
A vulnerability was reported in MySQL. A remote authenticated user can cause denial of service conditions.

This issue affects versions prior to MySQL 5.1.48.

A remote authenticated user can send a specially crafted ALTER DATABASE command to cause the target server to move a data directory into a new subdirectory, causing the data directory to become unusable.

A demonstration exploit request is provided [where "<special>" is "." or ".." or is a sequence that begins with "./" or "../"]:

ALTER DATABASE `#mysql50#<special>` UPGRADE DATA DIRECTORY NAME

Vendor advisory at:

http://dev.mysql.com/doc/refman/5.1/en/news-5-1-48.html
Billing Policy . Cookies Policy . Conditions . Disclaimer . ICANN Policy . Legal Notice . Privacy Policy . Spam Policy . Usage Policy
Copyright © 2026 NEOSENSE. All rights reserved.