CVE-2008-4097

Vulnerability Description

MySQL 5.0.51a allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified (1) DATA DIRECTORY or (2) INDEX DIRECTORY arguments that are associated with symlinks within pathnames for subdirectories of the MySQL home data directory, which are followed when tables are created in the future. NOTE: this vulnerability exists because of an incomplete fix for CVE-2008-2079.

CVSS Score

Affected Products

Related Weaknesses (CWE)

References

• http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=480292#25Third Party Advisory
• http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00001.htmlThird Party Advisory
• http://secunia.com/advisories/32759Vendor Advisory
• http://secunia.com/advisories/32769Broken LinkNot Applicable
• http://www.mandriva.com/security/advisories?name=MDVSA-2009:094Broken Link
• http://www.openwall.com/lists/oss-security/2008/09/09/20Mailing List
• http://www.openwall.com/lists/oss-security/2008/09/16/3Mailing List
• http://www.ubuntu.com/usn/USN-671-1Third Party Advisory
• https://exchange.xforce.ibmcloud.com/vulnerabilities/45648VDB Entry
• http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=480292#25Third Party Advisory
• http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00001.htmlThird Party Advisory
• http://secunia.com/advisories/32759Vendor Advisory
• http://secunia.com/advisories/32769Broken LinkNot Applicable
• http://www.mandriva.com/security/advisories?name=MDVSA-2009:094Broken Link
• http://www.openwall.com/lists/oss-security/2008/09/09/20Mailing List