PT-2010-3628 · Oracle · Mysql Server

Shane Bester · Published 2010-07-13 · Updated 2020-11-09 · CVE-2010-2008

CVSS v2.0: 3.5 (Low)
Vector: AV:N/AC:M/Au:S/C:N/I:N/A:P

Name of the Vulnerable Software and Affected Versions

MySQL versions prior to 5.1.48

Description

The issue allows remote authenticated users with alter database privileges to cause a denial of service, resulting in a server crash and potential database loss. This is achieved through an ALTER DATABASE command that includes a specific string, such as #mysql50# followed by a sequence like ., .., or ../, and an UPGRADE DATA DIRECTORY NAME command. This sequence of commands causes MySQL to move certain directories to the server data directory, leading to the denial of service.

Recommendations

For versions prior to 5.1.48, update to version 5.1.48 or later to resolve the issue. As a temporary workaround, consider restricting alter database privileges to minimize the risk of exploitation. Avoid using the ALTER DATABASE command with the specified string sequences until the issue is resolved.
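
Added example (not part of the original advisory and not Oracle's code): a Python check that scans MySQL general query log lines for the statement shape described above and separates it from an ordinary directory-name upgrade. The log lines are constructed samples, and the names classify, scan and SAMPLE_LOG are assumptions of this example.

```python
import re

# ALTER {DATABASE|SCHEMA} `#mysql50#<name>` UPGRADE DATA DIRECTORY NAME
UPGRADE_RE = re.compile(
    r"ALTER\s+(?:DATABASE|SCHEMA)\s+`#mysql50#(?P<name>[^`]*)`\s+"
    r"UPGRADE\s+DATA\s+DIRECTORY\s+NAME",
    re.IGNORECASE,
)

def classify(statement):
    """Return None if the statement is not a directory-name upgrade,
    'benign-upgrade' for an ordinary one, or a reason string when the
    name after #mysql50# matches the CVE-2010-2008 description."""
    m = UPGRADE_RE.search(statement)
    if m is None:
        return None
    name = m.group("name")
    if name == "":
        return "empty name"
    if set(name) == {"."}:              # ".", "..", "..." and so on
        return "dot-only name"
    if "/" in name or "\\" in name:     # "../" and similar sequences
        return "path separator in name"
    return "benign-upgrade"

def scan(log_lines):
    """Return (line_number, reason) for every suspicious log line."""
    hits = []
    for lineno, line in enumerate(log_lines, 1):
        reason = classify(line)
        if reason not in (None, "benign-upgrade"):
            hits.append((lineno, reason))
    return hits

# Constructed general-query-log lines, for illustration only.
SAMPLE_LOG = [
    "100713 10:01:02  5 Query\tALTER DATABASE `#mysql50#a-b-c` UPGRADE DATA DIRECTORY NAME",
    "100713 10:01:09  7 Query\talter database `#mysql50#.` upgrade data directory name",
    "100713 10:01:15  7 Query\tALTER DATABASE `#mysql50#../` UPGRADE DATA DIRECTORY NAME",
    "100713 10:01:20  5 Query\tALTER DATABASE shop CHARACTER SET utf8",
]

if __name__ == "__main__":
    for lineno, reason in scan(SAMPLE_LOG):
        print(f"line {lineno}: {reason}")
```

The pattern matches keywords separated by whitespace only; statements with comments between keywords would need normalising before they are passed to classify.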

Exploit

Fix

Command Injection

Weakness Enumeration

Related Identifiers

CVE-2010-2008

Affected Products

Mysql Server