Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-4097


Vulnerability Score 4.6 4.6
CVE Id CVE-2008-4097
Last Modified 30 Oct 2012 11:03:45
Published 18 Sep 2008 11:04:27
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity HIGH
Authentication SINGLE_INSTANCE



MySQL 5.0.51a allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified (1) DATA DIRECTORY or (2) INDEX DIRECTORY arguments that are associated with symlinks within pathnames for subdirectories of the MySQL home data directory, which are followed when tables are created in the future. NOTE: this vulnerability exists because of an incomplete fix for CVE-2008-2079.

Vulnerable Systems


  • Mysql 5.0.51a


XF - mysql-myisam-symlinks-security-bypass(45648)

MLIST - [oss-security] 20080916 Re: CVE request: MySQL incomplete fix for CVE-2008-2079

MLIST - [oss-security] 20080909 Re: CVE request: MySQL incomplete fix for CVE-2008-2079


SECUNIA - 32759

SUSE - SUSE-SR:2008:025


UBUNTU - USN-671-1

SECUNIA - 32769

Related Patches

Novell SUSE 2008:5618 mysql security update for SLE 10 i586

Last Updated: 27 May 2016 10:49:46