|
|
CVE Reference: CVE-2008-4097 |
|
| NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE. | |
|
Original Page at CVE MITRE: CVE-2008-4097 |
|
|
Description: MySQL 5.0.51a allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified (1) DATA DIRECTORY or (2) INDEX DIRECTORY arguments that are associated with symlinks within pathnames for subdirectories of the MySQL home data directory, which are followed when tables are created in the future. NOTE: this vulnerability exists because of an incomplete fix for CVE-2008-2079. |
|
|
CVE Status: Candidate |
|
|
References: XF http://xforce.iss.net/xforce/xfdb/45648 SUSE http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00001.html SAID Secunia Advisory: SA32759 MLIST http://www.openwall.com/lists/oss-security/2008/09/16/3 http://www.openwall.com/lists/oss-security/2008/09/09/20 MISC http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=480292#25 MANDRIVA http://www.mandriva.com/security/advisories?name=MDVSA-2009:094 CONFIRM http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=480292#25 |
|
| Return to the previous page. |
