|
|
CVE Reference: CVE-2008-4098 |
|
| NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE. | |
|
Original Page at CVE MITRE: CVE-2008-4098 |
|
|
Description: MySQL before 5.0.67 allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified (1) DATA DIRECTORY or (2) INDEX DIRECTORY arguments that are originally associated with pathnames without symlinks, and that can point to tables created at a future time at which a pathname is modified to contain a symlink to a subdirectory of the MySQL home data directory. NOTE: this vulnerability exists because of an incomplete fix for CVE-2008-4097. |
|
|
CVE Status: Candidate |
|
|
References: XF http://xforce.iss.net/xforce/xfdb/45649 UBUNTU http://ubuntu.com/usn/usn-897-1 SUSE http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00001.html SAID Secunia Advisory: SA32759 Secunia Advisory: SA38517 REDHAT http://www.redhat.com/support/errata/RHSA-2009-1067.html http://www.redhat.com/support/errata/RHSA-2010-0110.html OVAL http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10591 MLIST http://www.openwall.com/lists/oss-security/2008/09/16/3 http://www.openwall.com/lists/oss-security/2008/09/09/20 MISC http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=480292#25 MANDRIVA http://www.mandriva.com/security/advisories?name=MDVSA-2009:094 CONFIRM http://bugs.mysql.com/bug.php?id=32167 |
|
| Return to the previous page. |
