Vulnerability Details : CVE-2008-7247
sql/sql_table.cc in MySQL 5.0.x through 5.0.88, 5.1.x through 5.1.41, and 6.0 before 6.0.9-alpha, when the data home directory contains a symlink to a different filesystem, allows remote authenticated users to bypass intended access restrictions by calling CREATE TABLE with a (1) DATA DIRECTORY or (2) INDEX DIRECTORY argument referring to a subdirectory that requires following this symlink.
Products affected by CVE-2008-7247
- cpe:2.3:a:oracle:mysql:5.0.33:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:5.0.0:alpha:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:5.0.18:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:5.0.12:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:5.0.13:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:5.0.3:beta:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:5.0.14:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:5.0.6:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:5.0.7:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:5.0.8:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:5.0.11:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:5.0.19:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:5.0.21:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:5.1.4:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:5.1.10:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:5.1.11:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:5.1.8:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:5.1.9:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:5.0.22:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:5.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:5.1.6:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:5.1.7:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:5.1.2:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:5.1.3:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:5.0.41:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:5.0.32:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:5.0.27:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:5.1:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:5.1.15:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:5.1.16:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:5.1.12:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:5.1.17:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:5.1.13:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:5.1.14:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:5.0.37:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:6.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:6.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:6.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:6.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:6.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:5.0.51:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:5.0.52:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:5.1.18:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:5.1.19:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:5.1.20:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:5.0.25:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:5.0.26:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:5.0.42:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:5.0.45:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:5.0.23:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:5.1.22:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:5.0.30:sp1:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:5.0.38:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:5.0.50:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:5.1.21:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:5.0.75:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:5.0.77:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:5.0.81:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:5.0.83:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:5.1.30:*:*:*:*:*:*:*
- cpe:2.3:a:mysql:mysql:5.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:mysql:mysql:5.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:mysql:mysql:5.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:mysql:mysql:5.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:mysql:mysql:5.0.15:*:*:*:*:*:*:*
- cpe:2.3:a:mysql:mysql:5.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:mysql:mysql:5.0.16:*:*:*:*:*:*:*
- cpe:2.3:a:mysql:mysql:5.0.17:*:*:*:*:*:*:*
- cpe:2.3:a:mysql:mysql:5.0.10:*:*:*:*:*:*:*
- cpe:2.3:a:mysql:mysql:5.0.20:*:*:*:*:*:*:*
- cpe:2.3:a:mysql:mysql:5.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:mysql:mysql:5.1.5:*:*:*:*:*:*:*
- cpe:2.3:a:mysql:mysql:5.0.5.0.21:*:*:*:*:*:*:*
- cpe:2.3:a:mysql:mysql:5.0.22.1.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:mysql:mysql:5.0.24:*:*:*:*:*:*:*
- cpe:2.3:a:mysql:mysql:5.0.30:*:*:*:*:*:*:*
- cpe:2.3:a:mysql:mysql:5.0.36:*:*:*:*:*:*:*
- cpe:2.3:a:mysql:mysql:5.0.44:*:*:*:*:*:*:*
- cpe:2.3:a:mysql:mysql:5.0.60:*:*:*:*:*:*:*
- cpe:2.3:a:mysql:mysql:5.0.54:*:*:*:*:*:*:*
- cpe:2.3:a:mysql:mysql:5.0.56:*:*:*:*:*:*:*
- cpe:2.3:a:mysql:mysql:5.0.66:*:*:*:*:*:*:*
- cpe:2.3:a:mysql:mysql:5.1.23:*:*:*:*:*:*:*
- cpe:2.3:a:mysql:mysql:5.1.32:*:*:*:*:*:*:*
- cpe:2.3:a:mysql:mysql:5.0.82:*:*:*:*:*:*:*
- cpe:2.3:a:mysql:mysql:6.0.9:*:*:*:*:*:*:*
Threat overview for CVE-2008-7247
Top countries where our scanners detected CVE-2008-7247
Top open port discovered on systems with this issue
3306
IPs affected by CVE-2008-7247 13,904
Threat actors abusing to this issue?
Yes
Find out if you* are
affected by CVE-2008-7247!
*Directly or indirectly through your vendors, service providers and 3rd parties.
Powered by
attack surface intelligence
from SecurityScorecard.
Exploit prediction scoring system (EPSS) score for CVE-2008-7247
0.50%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 76 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2008-7247
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
6.0
|
MEDIUM | AV:N/AC:M/Au:S/C:P/I:P/A:P |
6.8
|
6.4
|
NIST |
CWE ids for CVE-2008-7247
-
The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.Assigned by: nvd@nist.gov (Primary)
Vendor statements for CVE-2008-7247
-
Red Hat 2009-12-21Not vulnerable. This issue did not affect the versions of mysql as shipped with Red Hat Enterprise Linux 3, 4, or 5.
References for CVE-2008-7247
-
http://www.securityfocus.com/bid/38043
-
http://lists.mysql.com/commits/59711
Exploit
-
http://www.vupen.com/english/advisories/2010/1107
Webmail | OVH- OVH
-
http://ubuntu.com/usn/usn-897-1
-
http://bugs.mysql.com/bug.php?id=39277
Exploit
-
http://support.apple.com/kb/HT4077
About the security content of Security Update 2010-002 / Mac OS X v10.6.3 - Apple Support
-
https://bugzilla.redhat.com/show_bug.cgi?id=543619
-
http://www.ubuntu.com/usn/USN-1397-1
USN-1397-1: MySQL vulnerabilities | Ubuntu security notices
-
http://marc.info/?l=oss-security&m=125908040022018&w=2
-
http://www.mandriva.com/security/advisories?name=MDVSA-2010:044
-
http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html
[security-announce] SUSE Security Summary Report: SUSE-SR:2010:011
-
http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html
Apple - Lists.apple.com
-
http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00005.html
[security-announce] SUSE Security Summary Report: SUSE-SR:2010:021
Jump to