icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons_061

Oracle MySQL 4.1 < 4.1.24 MyISAM Table Privilege Check Bypass

Medium

Synopsis

The remote database server allows a local user to circumvent privileges.

Description

The version of MySQL installed on the remote host reportedly allows a local user to circumvent privileges through creation of MyISAM tables using the 'DATA DIRECTORY' and 'INDEX DIRECTORY' options to overwrite existing table files in the application's data directory.

Solution

Upgrade to version 4.1.24 or higher.