CVE-2010-1626

mysql: table destruction via DATA/INDEX DIRECTORY directives using symlinks

Severity Score

3.6

*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

MySQL before 5.1.46 allows local users to delete the data and index files of another user's MyISAM table via a symlink attack in conjunction with the DROP TABLE command, a different vulnerability than CVE-2008-4098 and CVE-2008-7247.

MySQL en versiones anteriores a la v5.1.46 permite a los usuarios locales borrar los datos e índices de ficheros de tablas MyISAM de otros usuarios a través de un ataque de enlace simbólico junto con un comando DROP TABLE, una vulnerabilidad diferente a la CVE-2008-4098 y CVE-2008-7247.

*Credits: N/A

Attack Vector

Local

Attack Complexity

Low

Authentication

None

Confidentiality

None

Integrity

Partial

Availability

Partial

Attack Vector

Local

Attack Complexity

Low

Authentication

Single

Confidentiality

None

Integrity

Partial

Availability

Partial

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2010-04-29 CVE Reserved
2010-05-20 CVE Published
2023-03-08 EPSS Updated
2024-08-07 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-59: Improper Link Resolution Before File Access ('Link Following')
CWE-264: Permissions, Privileges, and Access Controls

CAPEC

References (14)

URL	Tag	Source
http://securitytracker.com/id?1024004	Vdb Entry
http://www.openwall.com/lists/oss-security/2010/05/10/2	Mailing List
http://www.openwall.com/lists/oss-security/2010/05/18/4	Mailing List
http://www.securityfocus.com/bid/40257	Vdb Entry
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9490	Signature

URL	Date	SRC

URL	Date	SRC
http://bugs.mysql.com/bug.php?id=40980	2019-12-17

URL	Date	SRC
http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html	2019-12-17
http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00005.html	2019-12-17
http://www.mandriva.com/security/advisories?name=MDVSA-2010:101	2019-12-17
http://www.redhat.com/support/errata/RHSA-2010-0442.html	2019-12-17
http://www.ubuntu.com/usn/USN-1397-1	2019-12-17
http://www.vupen.com/english/advisories/2010/1194	2019-12-17
https://access.redhat.com/security/cve/CVE-2010-1626	2010-05-26
https://bugzilla.redhat.com/show_bug.cgi?id=553648	2010-05-26

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Mysql Search vendor "Mysql"		Mysql Search vendor "Mysql" for product "Mysql"				<= 5.1.45 Search vendor "Mysql" for product "Mysql" and version " <= 5.1.45"		-		Affected
Mysql Search vendor "Mysql"		Mysql Search vendor "Mysql" for product "Mysql"				5.0.5.0.21 Search vendor "Mysql" for product "Mysql" and version "5.0.5.0.21"		-		Affected
Mysql Search vendor "Mysql"		Mysql Search vendor "Mysql" for product "Mysql"				5.0.15 Search vendor "Mysql" for product "Mysql" and version "5.0.15"		-		Affected
Mysql Search vendor "Mysql"		Mysql Search vendor "Mysql" for product "Mysql"				5.0.16 Search vendor "Mysql" for product "Mysql" and version "5.0.16"		-		Affected
Mysql Search vendor "Mysql"		Mysql Search vendor "Mysql" for product "Mysql"				5.0.17 Search vendor "Mysql" for product "Mysql" and version "5.0.17"		-		Affected
Mysql Search vendor "Mysql"		Mysql Search vendor "Mysql" for product "Mysql"				5.0.20 Search vendor "Mysql" for product "Mysql" and version "5.0.20"		-		Affected
Mysql Search vendor "Mysql"		Mysql Search vendor "Mysql" for product "Mysql"				5.0.24 Search vendor "Mysql" for product "Mysql" and version "5.0.24"		-		Affected
Mysql Search vendor "Mysql"		Mysql Search vendor "Mysql" for product "Mysql"				5.0.45b Search vendor "Mysql" for product "Mysql" and version "5.0.45b"		-		Affected
Mysql Search vendor "Mysql"		Mysql Search vendor "Mysql" for product "Mysql"				5.0.82 Search vendor "Mysql" for product "Mysql" and version "5.0.82"		-		Affected
Mysql Search vendor "Mysql"		Mysql Search vendor "Mysql" for product "Mysql"				5.0.84 Search vendor "Mysql" for product "Mysql" and version "5.0.84"		-		Affected
Mysql Search vendor "Mysql"		Mysql Search vendor "Mysql" for product "Mysql"				5.0.87 Search vendor "Mysql" for product "Mysql" and version "5.0.87"		-		Affected
Mysql Search vendor "Mysql"		Mysql Search vendor "Mysql" for product "Mysql"				5.1.5 Search vendor "Mysql" for product "Mysql" and version "5.1.5"		-		Affected
Mysql Search vendor "Mysql"		Mysql Search vendor "Mysql" for product "Mysql"				5.1.23 Search vendor "Mysql" for product "Mysql" and version "5.1.23"		-		Affected
Mysql Search vendor "Mysql"		Mysql Search vendor "Mysql" for product "Mysql"				5.1.31 Search vendor "Mysql" for product "Mysql" and version "5.1.31"		-		Affected
Mysql Search vendor "Mysql"		Mysql Search vendor "Mysql" for product "Mysql"				5.1.32 Search vendor "Mysql" for product "Mysql" and version "5.1.32"		-		Affected
Mysql Search vendor "Mysql"		Mysql Search vendor "Mysql" for product "Mysql"				5.1.34 Search vendor "Mysql" for product "Mysql" and version "5.1.34"		-		Affected
Mysql Search vendor "Mysql"		Mysql Search vendor "Mysql" for product "Mysql"				5.1.37 Search vendor "Mysql" for product "Mysql" and version "5.1.37"		-		Affected
Oracle Search vendor "Oracle"		Mysql Search vendor "Oracle" for product "Mysql"				5.0.18 Search vendor "Oracle" for product "Mysql" and version "5.0.18"		-		Affected
Oracle Search vendor "Oracle"		Mysql Search vendor "Oracle" for product "Mysql"				5.0.19 Search vendor "Oracle" for product "Mysql" and version "5.0.19"		-		Affected
Oracle Search vendor "Oracle"		Mysql Search vendor "Oracle" for product "Mysql"				5.0.21 Search vendor "Oracle" for product "Mysql" and version "5.0.21"		-		Affected
Oracle Search vendor "Oracle"		Mysql Search vendor "Oracle" for product "Mysql"				5.0.22 Search vendor "Oracle" for product "Mysql" and version "5.0.22"		-		Affected
Oracle Search vendor "Oracle"		Mysql Search vendor "Oracle" for product "Mysql"				5.0.23 Search vendor "Oracle" for product "Mysql" and version "5.0.23"		-		Affected
Oracle Search vendor "Oracle"		Mysql Search vendor "Oracle" for product "Mysql"				5.0.27 Search vendor "Oracle" for product "Mysql" and version "5.0.27"		-		Affected
Oracle Search vendor "Oracle"		Mysql Search vendor "Oracle" for product "Mysql"				5.0.33 Search vendor "Oracle" for product "Mysql" and version "5.0.33"		-		Affected
Oracle Search vendor "Oracle"		Mysql Search vendor "Oracle" for product "Mysql"				5.0.37 Search vendor "Oracle" for product "Mysql" and version "5.0.37"		-		Affected
Oracle Search vendor "Oracle"		Mysql Search vendor "Oracle" for product "Mysql"				5.0.41 Search vendor "Oracle" for product "Mysql" and version "5.0.41"		-		Affected
Oracle Search vendor "Oracle"		Mysql Search vendor "Oracle" for product "Mysql"				5.0.45 Search vendor "Oracle" for product "Mysql" and version "5.0.45"		-		Affected
Oracle Search vendor "Oracle"		Mysql Search vendor "Oracle" for product "Mysql"				5.0.51 Search vendor "Oracle" for product "Mysql" and version "5.0.51"		-		Affected
Oracle Search vendor "Oracle"		Mysql Search vendor "Oracle" for product "Mysql"				5.0.67 Search vendor "Oracle" for product "Mysql" and version "5.0.67"		-		Affected
Oracle Search vendor "Oracle"		Mysql Search vendor "Oracle" for product "Mysql"				5.0.75 Search vendor "Oracle" for product "Mysql" and version "5.0.75"		-		Affected
Oracle Search vendor "Oracle"		Mysql Search vendor "Oracle" for product "Mysql"				5.0.77 Search vendor "Oracle" for product "Mysql" and version "5.0.77"		-		Affected
Oracle Search vendor "Oracle"		Mysql Search vendor "Oracle" for product "Mysql"				5.0.81 Search vendor "Oracle" for product "Mysql" and version "5.0.81"		-		Affected
Oracle Search vendor "Oracle"		Mysql Search vendor "Oracle" for product "Mysql"				5.0.83 Search vendor "Oracle" for product "Mysql" and version "5.0.83"		-		Affected
Oracle Search vendor "Oracle"		Mysql Search vendor "Oracle" for product "Mysql"				5.0.85 Search vendor "Oracle" for product "Mysql" and version "5.0.85"		-		Affected
Oracle Search vendor "Oracle"		Mysql Search vendor "Oracle" for product "Mysql"				5.0.86 Search vendor "Oracle" for product "Mysql" and version "5.0.86"		-		Affected
Oracle Search vendor "Oracle"		Mysql Search vendor "Oracle" for product "Mysql"				5.0.88 Search vendor "Oracle" for product "Mysql" and version "5.0.88"		-		Affected
Oracle Search vendor "Oracle"		Mysql Search vendor "Oracle" for product "Mysql"				5.0.89 Search vendor "Oracle" for product "Mysql" and version "5.0.89"		-		Affected
Oracle Search vendor "Oracle"		Mysql Search vendor "Oracle" for product "Mysql"				5.0.90 Search vendor "Oracle" for product "Mysql" and version "5.0.90"		-		Affected
Oracle Search vendor "Oracle"		Mysql Search vendor "Oracle" for product "Mysql"				5.0.91 Search vendor "Oracle" for product "Mysql" and version "5.0.91"		-		Affected
Oracle Search vendor "Oracle"		Mysql Search vendor "Oracle" for product "Mysql"				5.1.30 Search vendor "Oracle" for product "Mysql" and version "5.1.30"		-		Affected
Oracle Search vendor "Oracle"		Mysql Search vendor "Oracle" for product "Mysql"				5.1.33 Search vendor "Oracle" for product "Mysql" and version "5.1.33"		-		Affected
Oracle Search vendor "Oracle"		Mysql Search vendor "Oracle" for product "Mysql"				5.1.35 Search vendor "Oracle" for product "Mysql" and version "5.1.35"		-		Affected
Oracle Search vendor "Oracle"		Mysql Search vendor "Oracle" for product "Mysql"				5.1.36 Search vendor "Oracle" for product "Mysql" and version "5.1.36"		-		Affected
Oracle Search vendor "Oracle"		Mysql Search vendor "Oracle" for product "Mysql"				5.1.38 Search vendor "Oracle" for product "Mysql" and version "5.1.38"		-		Affected
Oracle Search vendor "Oracle"		Mysql Search vendor "Oracle" for product "Mysql"				5.1.39 Search vendor "Oracle" for product "Mysql" and version "5.1.39"		-		Affected
Oracle Search vendor "Oracle"		Mysql Search vendor "Oracle" for product "Mysql"				5.1.40 Search vendor "Oracle" for product "Mysql" and version "5.1.40"		-		Affected
Oracle Search vendor "Oracle"		Mysql Search vendor "Oracle" for product "Mysql"				5.1.41 Search vendor "Oracle" for product "Mysql" and version "5.1.41"		-		Affected
Oracle Search vendor "Oracle"		Mysql Search vendor "Oracle" for product "Mysql"				5.1.42 Search vendor "Oracle" for product "Mysql" and version "5.1.42"		-		Affected
Oracle Search vendor "Oracle"		Mysql Search vendor "Oracle" for product "Mysql"				5.1.43 Search vendor "Oracle" for product "Mysql" and version "5.1.43"		-		Affected
Oracle Search vendor "Oracle"		Mysql Search vendor "Oracle" for product "Mysql"				5.1.44 Search vendor "Oracle" for product "Mysql" and version "5.1.44"		-		Affected