CVE-2008-2079 - Secunia Advisories - Vulnerability Information

CVE Reference: CVE-2008-2079
NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE: CVE-2008-2079

Description: MySQL 4.1.x before 4.1.24, 5.0.x before 5.0.60, 5.1.x before 5.1.24, and 6.0.x before 6.0.5 allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified (1) DATA DIRECTORY or (2) INDEX DIRECTORY arguments that are within the MySQL home data directory, which can point to tables that are created in the future.

CVE Status: Candidate

References: XF http://xforce.iss.net/xforce/xfdb/42267 SUSE http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html ST 1019995 SAID Secunia Advisory: SA30134 Secunia Advisory: SA31066 Secunia Advisory: SA31226 Secunia Advisory: SA31687 Secunia Advisory: SA32222 REDHAT http://www.redhat.com/support/errata/RHSA-2008-0768.html http://www.redhat.com/support/errata/RHSA-2008-0510.html http://www.redhat.com/support/errata/RHSA-2008-0505.html MANDRIVA http://www.mandriva.com/security/advisories?name=MDVSA-2008:150 http://www.mandriva.com/security/advisories?name=MDVSA-2008:149 DEBIAN http://www.debian.org/security/2008/dsa-1608 CONFIRM http://dev.mysql.com/doc/refman/6.0/en/news-6-0-5.html http://support.apple.com/kb/HT3216 http://dev.mysql.com/doc/refman/5.1/en/news-5-1-24.html http://dev.mysql.com/doc/refman/5.0/en/releasenotes-es-5-0-60.html http://dev.mysql.com/doc/refman/4.1/en/news-4-1-24.html http://bugs.mysql.com/bug.php?id=32167 BID 31681 29106 APPLE http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html

Return to the previous page.