CVE-2008-2079 - Secunia Advisories - Vulnerability Information

CVE Reference: CVE-2008-2079
NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE: CVE-2008-2079

Description: MySQL 4.1.x before 4.1.24, 5.0.x before 5.0.60, 5.1.x before 5.1.24, and 6.0.x before 6.0.5 allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified (1) DATA DIRECTORY or (2) INDEX DIRECTORY arguments that are within the MySQL home data directory, which can point to tables that are created in the future.

CVE Status: Candidate

References: XF http://xforce.iss.net/xforce/xfdb/42267 SUSE http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html ST 1019995 SAID Secunia Advisory: SA31687 Secunia Advisory: SA32222 Secunia Advisory: SA36701 Secunia Advisory: SA30134 Secunia Advisory: SA31066 Secunia Advisory: SA31226 REDHAT http://www.redhat.com/support/errata/RHSA-2008-0768.html http://www.redhat.com/support/errata/RHSA-2008-0505.html http://www.redhat.com/support/errata/RHSA-2008-0510.html MANDRIVA http://www.mandriva.com/security/advisories?name=MDVSA-2008:149 http://www.mandriva.com/security/advisories?name=MDVSA-2008:150 DEBIAN http://www.debian.org/security/2008/dsa-1608 CONFIRM http://support.apple.com/kb/HT3216 http://support.apple.com/kb/HT3865 http://dev.mysql.com/doc/refman/6.0/en/news-6-0-5.html http://dev.mysql.com/doc/refman/5.1/en/news-5-1-24.html http://dev.mysql.com/doc/refman/5.0/en/releasenotes-es-5-0-60.html http://dev.mysql.com/doc/refman/4.1/en/news-4-1-24.html http://bugs.mysql.com/bug.php?id=32167 BID 29106 31681 APPLE http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html http://lists.apple.com/archives/security-announce/2009/Sep/msg00004.html

Return to the previous page.