Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 4.6
CVE Id CVE-2008-4097
Last Modified 30 Oct 2012 11:03:45
Published 18 Sep 2008 11:04:27
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity HIGH
Authentication SINGLE_INSTANCE

CVE-2008-4097

Summary

MySQL 5.0.51a allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified (1) DATA DIRECTORY or (2) INDEX DIRECTORY arguments that are associated with symlinks within pathnames for subdirectories of the MySQL home data directory, which are followed when tables are created in the future. NOTE: this vulnerability exists because of an incomplete fix for CVE-2008-2079.

Vulnerable Systems

Application

  • MySQL 5.0.51a


References

XF - mysql-myisam-symlinks-security-bypass(45648)

MLIST - [oss-security] 20080916 Re: CVE request: MySQL incomplete fix for CVE-2008-2079

MLIST - [oss-security] 20080909 Re: CVE request: MySQL incomplete fix for CVE-2008-2079

MANDRIVA - MDVSA-2009:094

SECUNIA - 32759

SUSE - SUSE-SR:2008:025

CONFIRM - http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=480292#25

UBUNTU - USN-671-1

SECUNIA - 32769

Related Patches

Novell SUSE 2008:5618 mysql security update for SLE 10 i586


Last Updated: 27 May 2016 10:49:46