Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-2079

Overview

Vulnerability Score 4.6 4.6
CVE Id CVE-2008-2079
Last Modified 22 Jan 2013 10:56:05
Published 05 May 2008 12:20:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity HIGH
Authentication SINGLE_INSTANCE

CVE-2008-2079

Summary

MySQL 4.1.x before 4.1.24, 5.0.x before 5.0.60, 5.1.x before 5.1.24, and 6.0.x before 6.0.5 allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified (1) DATA DIRECTORY or (2) INDEX DIRECTORY arguments that are within the MySQL home data directory, which can point to tables that are created in the future.

Vulnerable Systems

Application

  • Mysql 4.1.0

  • Mysql 4.1.1

  • Mysql 4.1.10

  • Mysql 4.1.11

  • Mysql 4.1.12

  • Mysql 4.1.13

  • Mysql 4.1.14

  • Mysql 4.1.15

  • Mysql 4.1.16

  • Mysql 4.1.17

  • Mysql 4.1.18

  • Mysql 4.1.19

  • Mysql 4.1.2

  • Mysql 4.1.20

  • Mysql 4.1.21

  • Mysql 4.1.22

  • Mysql 4.1.23

  • Mysql 5.0.0

  • Mysql 5.0.1

  • Mysql 5.0.10

  • Mysql 5.0.10a

  • Mysql 5.0.11

  • Mysql 5.0.12

  • Mysql 5.0.13

  • Mysql 5.0.15

  • Mysql 5.0.19

  • Mysql 5.0.1a

  • Mysql 5.0.2

  • Mysql 5.0.21

  • Mysql 5.0.22

  • Mysql 5.0.23

  • Mysql 5.0.24

  • Mysql 5.0.24a

  • Mysql 5.0.25

  • Mysql 5.0.3

  • Mysql 5.0.30

  • Mysql 5.0.32

  • Mysql 5.0.33

  • Mysql 5.0.36

  • Mysql 5.0.37

  • Mysql 5.0.38

  • Mysql 5.0.3a

  • Mysql 5.0.4

  • Mysql 5.0.41

  • Mysql 5.0.42

  • Mysql 5.0.44

  • Mysql 5.0.45

  • Mysql 5.0.4a

  • Mysql 5.0.5.0.21

  • Mysql 5.0.50

  • Mysql 5.0.51

  • Mysql 5.0.52

  • Mysql 5.0.54

  • Mysql 5.0.56

  • Mysql 5.0.6

  • Mysql 5.0.9

  • Mysql 5.1.11

  • Mysql 5.1.12

  • Mysql 5.1.14

  • Mysql 5.1.15

  • Mysql 5.1.16

  • Mysql 5.1.17

  • Mysql 5.1.18

  • Mysql 5.1.19

  • Mysql 5.1.20

  • Mysql 5.1.21

  • Mysql 5.1.22

  • Mysql 5.1.23

  • Mysql 5.1.23a

  • Mysql 5.1.3

  • Mysql 5.1.4

  • Mysql 5.1.5

  • Mysql 5.1.5a

  • Mysql 5.1.6

  • Mysql 5.1.7

  • Mysql 5.1.9

  • Mysql 6.0.0

  • Mysql 6.0.1

  • Mysql 6.0.2

  • Mysql 6.0.3

  • Mysql 6.0.4


References

BID - 31681

BID - 29106

CONFIRM - http://bugs.mysql.com/bug.php?id=32167

XF - mysql-myisam-security-bypass(42267)

VUPEN - ADV-2008-2780

VUPEN - ADV-2008-1472

SECTRACK - 1019995

REDHAT - RHSA-2008:0768

REDHAT - RHSA-2008:0510

REDHAT - RHSA-2008:0505

MANDRIVA - MDVSA-2008:150

MANDRIVA - MDVSA-2008:149

DEBIAN - DSA-1608

CONFIRM - http://support.apple.com/kb/HT3865

CONFIRM - http://support.apple.com/kb/HT3216

SECUNIA - 36701

SECUNIA - 32222

SECUNIA - 31687

SECUNIA - 31226

SECUNIA - 31066

SECUNIA - 30134

SUSE - SUSE-SR:2008:017

APPLE - APPLE-SA-2009-09-10-2

APPLE - APPLE-SA-2008-10-09

CONFIRM - http://dev.mysql.com/doc/refman/6.0/en/news-6-0-5.html

CONFIRM - http://dev.mysql.com/doc/refman/5.1/en/news-5-1-24.html

CONFIRM - http://dev.mysql.com/doc/refman/5.0/en/releasenotes-es-5-0-60.html

CONFIRM - http://dev.mysql.com/doc/refman/4.1/en/news-4-1-24.html

UBUNTU - USN-671-1

SECUNIA - 32769

REDHAT - RHSA-2009:1289

SECUNIA - 36566

Related Patches

Apple 2008-10-09 Security Update 2008-007 Server (Leopard)


Last Updated: 27 May 2016 11:01:20