Test ID:	1.3.6.1.4.1.25623.1.0.801066
Category:	Denial of Service
Title:	MySQL Authenticated Access Restrictions Bypass Vulnerability
Summary:	MySQL is prone to Access restrictions Bypass Vulnerability
Description:	Summary: MySQL is prone to Access restrictions Bypass Vulnerability Vulnerability Insight: The flaw is due to an error while calling CREATE TABLE on a MyISAM table with modified DATA DIRECTORY or INDEX DIRECTORY. Vulnerability Impact: Successful exploitation could allow users to bypass intended access restrictions by calling CREATE TABLE with DATA DIRECTORY or INDEX DIRECTORY argument referring to a subdirectory. Affected Software/OS: MySQL 5.1.x before 5.1.41 on all running platform. Solution: Upgrade to MySQL version 5.1.41 or later. CVSS Score: 4.4 CVSS Vector: AV:L/AC:M/Au:N/C:P/I:P/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2009-4030 38517 http://secunia.com/advisories/38517 38573 http://secunia.com/advisories/38573 ADV-2010-1107 http://www.vupen.com/english/advisories/2010/1107 APPLE-SA-2010-03-29-1 http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html DSA-1997 http://www.debian.org/security/2010/dsa-1997 RHSA-2010:0109 http://www.redhat.com/support/errata/RHSA-2010-0109.html RHSA-2010:0110 http://www.redhat.com/support/errata/RHSA-2010-0110.html SUSE-SR:2010:011 http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html SUSE-SR:2010:021 http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00005.html USN-1397-1 http://www.ubuntu.com/usn/USN-1397-1 USN-897-1 http://ubuntu.com/usn/usn-897-1 [commits] 20091110 bzr commit into mysql-5.0-bugteam branch (joro:2845) Bug#32167 http://lists.mysql.com/commits/89940 [oss-security] 20091119 mysql-5.1.41 http://www.openwall.com/lists/oss-security/2009/11/19/3 [oss-security] 20091124 Re: mysql-5.1.41 http://marc.info/?l=oss-security&m=125908040022018&w=2 http://marc.info/?l=oss-security&m=125908080222685&w=2 http://www.openwall.com/lists/oss-security/2009/11/24/6 http://bugs.mysql.com/bug.php?id=32167 http://dev.mysql.com/doc/refman/5.1/en/news-5-1-41.html http://support.apple.com/kb/HT4077 oval:org.mitre.oval:def:11116 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11116 oval:org.mitre.oval:def:8156 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8156
Copyright	Copyright (C) 2009 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.