Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-4098

Overview

Vulnerability Score 4.6 4.6
CVE Id CVE-2008-4098
Last Modified 30 Oct 2012 11:03:45
Published 18 Sep 2008 11:04:27
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity HIGH
Authentication SINGLE_INSTANCE

CVE-2008-4098

Summary

MySQL before 5.0.67 allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified (1) DATA DIRECTORY or (2) INDEX DIRECTORY arguments that are originally associated with pathnames without symlinks, and that can point to tables created at a future time at which a pathname is modified to contain a symlink to a subdirectory of the MySQL home data directory. NOTE: this vulnerability exists because of an incomplete fix for CVE-2008-4097.

Vulnerable Systems

Application

  • Mysql

  • Mysql 3.20

  • Mysql 3.20.32a

  • Mysql 3.21

  • Mysql 3.22

  • Mysql 3.22.26

  • Mysql 3.22.27

  • Mysql 3.22.28

  • Mysql 3.22.29

  • Mysql 3.22.30

  • Mysql 3.22.32

  • Mysql 3.23

  • Mysql 3.23.0

  • Mysql 3.23.1

  • Mysql 3.23.10

  • Mysql 3.23.11

  • Mysql 3.23.12

  • Mysql 3.23.13

  • Mysql 3.23.14

  • Mysql 3.23.15

  • Mysql 3.23.16

  • Mysql 3.23.17

  • Mysql 3.23.18

  • Mysql 3.23.19

  • Mysql 3.23.2

  • Mysql 3.23.20

  • Mysql 3.23.21

  • Mysql 3.23.22

  • Mysql 3.23.23

  • Mysql 3.23.24

  • Mysql 3.23.25

  • Mysql 3.23.26

  • Mysql 3.23.27

  • Mysql 3.23.28

  • Mysql 3.23.29

  • Mysql 3.23.3

  • Mysql 3.23.30

  • Mysql 3.23.31

  • Mysql 3.23.32

  • Mysql 3.23.33

  • Mysql 3.23.34

  • Mysql 3.23.35

  • Mysql 3.23.36

  • Mysql 3.23.37

  • Mysql 3.23.38

  • Mysql 3.23.39

  • Mysql 3.23.4

  • Mysql 3.23.40

  • Mysql 3.23.41

  • Mysql 3.23.42

  • Mysql 3.23.43

  • Mysql 3.23.44

  • Mysql 3.23.45

  • Mysql 3.23.46

  • Mysql 3.23.47

  • Mysql 3.23.48

  • Mysql 3.23.49

  • Mysql 3.23.5

  • Mysql 3.23.50

  • Mysql 3.23.51

  • Mysql 3.23.52

  • Mysql 3.23.53

  • Mysql 3.23.53a

  • Mysql 3.23.54

  • Mysql 3.23.54a

  • Mysql 3.23.55

  • Mysql 3.23.56

  • Mysql 3.23.57

  • Mysql 3.23.58

  • Mysql 3.23.59

  • Mysql 3.23.6

  • Mysql 3.23.7

  • Mysql 3.23.8

  • Mysql 3.23.9

  • Mysql 4.0.0

  • Mysql 4.0.1

  • Mysql 4.0.10

  • Mysql 4.0.11

  • Mysql 4.0.12

  • Mysql 4.0.13

  • Mysql 4.0.14

  • Mysql 4.0.15

  • Mysql 4.0.16

  • Mysql 4.0.17

  • Mysql 4.0.18

  • Mysql 4.0.19

  • Mysql 4.0.2

  • Mysql 4.0.20

  • Mysql 4.0.21

  • Mysql 4.0.23

  • Mysql 4.0.24

  • Mysql 4.0.25

  • Mysql 4.0.26

  • Mysql 4.0.27

  • Mysql 4.0.3

  • Mysql 4.0.4

  • Mysql 4.0.5

  • Mysql 4.0.5a

  • Mysql 4.0.6

  • Mysql 4.0.7

  • Mysql 4.0.8

  • Mysql 4.0.9

  • Mysql 4.1

  • Mysql 4.1.0

  • Mysql 4.1.0.0

  • Mysql 4.1.1

  • Mysql 4.1.10

  • Mysql 4.1.10a

  • Mysql 4.1.11

  • Mysql 4.1.12

  • Mysql 4.1.12a

  • Mysql 4.1.13

  • Mysql 4.1.13a

  • Mysql 4.1.14

  • Mysql 4.1.14a

  • Mysql 4.1.15

  • Mysql 4.1.15a

  • Mysql 4.1.16

  • Mysql 4.1.17

  • Mysql 4.1.18

  • Mysql 4.1.19

  • Mysql 4.1.2

  • Mysql 4.1.20

  • Mysql 4.1.21

  • Mysql 4.1.22

  • Mysql 4.1.23

  • Mysql 4.1.3

  • Mysql 4.1.4

  • Mysql 4.1.5

  • Mysql 4.1.6

  • Mysql 4.1.7

  • Mysql 4.1.8

  • Mysql 4.1.8a

  • Mysql 4.1.9

  • Mysql 5.0

  • Mysql 5.0.0

  • Mysql 5.0.0.0

  • Mysql 5.0.1

  • Mysql 5.0.10

  • Mysql 5.0.10a

  • Mysql 5.0.11

  • Mysql 5.0.12

  • Mysql 5.0.13

  • Mysql 5.0.14

  • Mysql 5.0.15

  • Mysql 5.0.15a

  • Mysql 5.0.16

  • Mysql 5.0.16a

  • Mysql 5.0.17

  • Mysql 5.0.17a

  • Mysql 5.0.18

  • Mysql 5.0.19

  • Mysql 5.0.1a

  • Mysql 5.0.2

  • Mysql 5.0.20

  • Mysql 5.0.20a

  • Mysql 5.0.21

  • Mysql 5.0.22

  • Mysql 5.0.22.1.0.1

  • Mysql 5.0.23

  • Mysql 5.0.24

  • Mysql 5.0.24a

  • Mysql 5.0.25

  • Mysql 5.0.27

  • Mysql 5.0.3

  • Mysql 5.0.30

  • Mysql 5.0.32

  • Mysql 5.0.33

  • Mysql 5.0.36

  • Mysql 5.0.37

  • Mysql 5.0.38

  • Mysql 5.0.3a

  • Mysql 5.0.4

  • Mysql 5.0.41

  • Mysql 5.0.42

  • Mysql 5.0.44

  • Mysql 5.0.45

  • Mysql 5.0.4a

  • Mysql 5.0.5

  • Mysql 5.0.5.0.21

  • Mysql 5.0.50

  • Mysql 5.0.51a

  • Mysql 5.0.51b

  • Mysql 5.0.6

  • Mysql 5.0.7

  • Mysql 5.0.8

  • Mysql 5.0.9


References

CONFIRM - http://bugs.mysql.com/bug.php?id=32167

XF - mysql-myisam-symlink-security-bypass(45649)

REDHAT - RHSA-2010:0110

REDHAT - RHSA-2009:1067

MLIST - [oss-security] 20080916 Re: CVE request: MySQL incomplete fix for CVE-2008-2079

MLIST - [oss-security] 20080909 Re: CVE request: MySQL incomplete fix for CVE-2008-2079

MANDRIVA - MDVSA-2009:094

UBUNTU - USN-897-1

SECUNIA - 38517

SECUNIA - 32759

SUSE - SUSE-SR:2008:025

MISC - http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=480292#25

DEBIAN - DSA-1662

SECUNIA - 32578

UBUNTU - USN-671-1

SECUNIA - 32769

Related Patches

Novell SUSE 2008:5618 mysql security update for SLE 10 i586


Last Updated: 27 May 2016 11:01:19