CVE-2008-4097

Published: 9/17/2008 Last updated: 8/7/2024 Reserved: 9/15/2008

MySQL 5.0.51a allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified (1) DATA DIRECTORY or (2) INDEX DIRECTORY arguments that are associated with symlinks within pathnames for subdirectories of the MySQL home data directory, which are followed when tables are created in the future. NOTE: this vulnerability exists because of an incomplete fix for CVE-2008-2079.

CNA assigner: redhat (53f830b8-0a3f-465b-8143-3b8a9948e749) Requested by: n/a

Opam packages affected (1)

conf-mysql

Products affected (1)

Product	Vendor	Version
n/a	n/a	7.8

References (18)

http://www.mandriva.com/security/advisories?name=MDVSA-2009:094
http://www.ubuntu.com/usn/USN-671-1
http://secunia.com/advisories/32769
http://www.openwall.com/lists/oss-security/2008/09/09/20
https://exchange.xforce.ibmcloud.com/vulnerabilities/45648
http://www.openwall.com/lists/oss-security/2008/09/16/3
http://secunia.com/advisories/32759
http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00001.html
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=480292#25
http://www.mandriva.com/security/advisories?name=MDVSA-2009:094
http://www.ubuntu.com/usn/USN-671-1
http://secunia.com/advisories/32769
http://www.openwall.com/lists/oss-security/2008/09/09/20
https://exchange.xforce.ibmcloud.com/vulnerabilities/45648
http://www.openwall.com/lists/oss-security/2008/09/16/3
http://secunia.com/advisories/32759
http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00001.html
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=480292#25