CVE-2008-2079 — MEDIUM (4.6)

Q: How severe is CVE-2008-2079?

CVE-2008-2079 has been rated MEDIUM with a CVSS base score of 4.6/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2008-2079?

Check the references section above for vendor advisories and patch information. Affected products include: Mysql Mysql, Oracle Mysql, Debian Debian Linux, Canonical Ubuntu Linux.

Vulnerability Description

MySQL 4.1.x before 4.1.24, 5.0.x before 5.0.60, 5.1.x before 5.1.24, and 6.0.x before 6.0.5 allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified (1) DATA DIRECTORY or (2) INDEX DIRECTORY arguments that are within the MySQL home data directory, which can point to tables that are created in the future.

CVSS Score

4.6

MEDIUM

AV:N/AC:H/Au:S/C:P/I:P/A:P

Confidentiality

PARTIAL

Integrity

PARTIAL

Availability

PARTIAL

Affected Products

Vendor	Product	Versions
Mysql	Mysql	>= 4.1.0, < 4.1.24
Oracle	Mysql	>= 6.0.0, < 6.0.5
Debian	Debian Linux	4.0
Canonical	Ubuntu Linux	6.06

Related Weaknesses (CWE)

CWE-264

References

http://bugs.mysql.com/bug.php?id=32167ExploitPatchVendor Advisory
http://dev.mysql.com/doc/refman/4.1/en/news-4-1-24.htmlVendor Advisory
http://dev.mysql.com/doc/refman/5.0/en/releasenotes-es-5-0-60.htmlVendor Advisory
http://dev.mysql.com/doc/refman/5.1/en/news-5-1-24.htmlVendor Advisory
http://dev.mysql.com/doc/refman/6.0/en/news-6-0-5.htmlVendor Advisory
http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.htmlMailing ListThird Party Advisory
http://lists.apple.com/archives/security-announce/2009/Sep/msg00004.htmlMailing ListThird Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.htmlThird Party Advisory
http://secunia.com/advisories/30134Third Party Advisory
http://secunia.com/advisories/31066Third Party Advisory
http://secunia.com/advisories/31226Third Party Advisory
http://secunia.com/advisories/31687Third Party Advisory
http://secunia.com/advisories/32222Third Party Advisory
http://secunia.com/advisories/32769Third Party Advisory
http://secunia.com/advisories/36566Third Party Advisory

FAQ

What is CVE-2008-2079?

CVE-2008-2079 is a vulnerability with a CVSS score of 4.6 (MEDIUM). MySQL 4.1.x before 4.1.24, 5.0.x before 5.0.60, 5.1.x before 5.1.24, and 6.0.x before 6.0.5 allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modifie...

How severe is CVE-2008-2079?

CVE-2008-2079 has been rated MEDIUM with a CVSS base score of 4.6/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2008-2079?

Check the references section above for vendor advisories and patch information. Affected products include: Mysql Mysql, Oracle Mysql, Debian Debian Linux, Canonical Ubuntu Linux.