CVE-2008-4098

MEDIUM

Description

MySQL before 5.0.67 allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified (1) DATA DIRECTORY or (2) INDEX DIRECTORY arguments that are originally associated with pathnames without symlinks, and that can point to tables created at a future time at which a pathname is modified to contain a symlink to a subdirectory of the MySQL home data directory. NOTE: this vulnerability exists because of an incomplete fix for CVE-2008-4097.

ID	Name	Product	Family	Severity
80705	Oracle Solaris Third-Party Patch Update : mysql (multiple_vulnerabilities_in_mysql)	Nessus	Solaris Local Security Checks	medium
67998	Oracle Linux 4 : mysql (ELSA-2010-0110)	Nessus	Oracle Linux Local Security Checks	high
67997	Oracle Linux 5 : mysql (ELSA-2010-0109)	Nessus	Oracle Linux Local Security Checks	medium
63890	RHEL 5 : mysql (RHSA-2009:1289)	Nessus	Red Hat Local Security Checks	high
60736	Scientific Linux Security Update : mysql on SL5.x i386/x86_64	Nessus	Scientific Linux Local Security Checks	medium
60735	Scientific Linux Security Update : mysql on SL4.x i386/x86_64	Nessus	Scientific Linux Local Security Checks	high
58325	Ubuntu 8.04 LTS / 10.04 LTS / 10.10 / 11.04 / 11.10 : mysql-5.1, mysql-dfsg-5.0, mysql-dfsg-5.1 vulnerabilities (USN-1397-1)	Nessus	Ubuntu Local Security Checks	high
57446	GLSA-201201-02 : MySQL: Multiple vulnerabilities	Nessus	Gentoo Local Security Checks	high
44948	CentOS 5 : mysql (CESA-2010:0109)	Nessus	CentOS Local Security Checks	medium
44647	CentOS 4 : mysql (CESA-2010:0110)	Nessus	CentOS Local Security Checks	high
44635	RHEL 4 : mysql (RHSA-2010:0110)	Nessus	Red Hat Local Security Checks	high
44634	RHEL 5 : mysql (RHSA-2010:0109)	Nessus	Red Hat Local Security Checks	medium
44585	Ubuntu 6.06 LTS / 8.04 LTS / 8.10 / 9.04 / 9.10 : mysql-dfsg-5.0, mysql-dfsg-5.1 vulnerabilities (USN-897-1)	Nessus	Ubuntu Local Security Checks	high
43782	CentOS 5 : mysql (CESA-2009:1289)	Nessus	CentOS Local Security Checks	high
43045	Mandriva Linux Security Advisory : mysql (MDVSA-2009:326)	Nessus	Mandriva Local Security Checks	high
41243	SuSE9 Security Update : MySQL (YOU Patch Number 12256)	Nessus	SuSE Local Security Checks	medium
40026	openSUSE Security Update : libmysqlclient-devel (libmysqlclient-devel-210)	Nessus	SuSE Local Security Checks	medium
37299	Ubuntu 6.06 LTS / 7.10 / 8.04 LTS : mysql-dfsg-5.0 vulnerabilities (USN-671-1)	Nessus	Ubuntu Local Security Checks	medium
36943	Mandriva Linux Security Advisory : mysql (MDVSA-2009:094)	Nessus	Mandriva Local Security Checks	medium
35279	FreeBSD : mysql -- MyISAM table privileges security bypass vulnerability for symlinked paths (738f8f9e-d661-11dd-a765-0030843d3802)	Nessus	FreeBSD Local Security Checks	medium
35248	openSUSE 10 Security Update : libmysqlclient-devel (libmysqlclient-devel-5619)	Nessus	SuSE Local Security Checks	medium
34985	openSUSE 10 Security Update : mysql (mysql-5613)	Nessus	SuSE Local Security Checks	medium
34765	SuSE 10 Security Update : MySQL (ZYPP Patch Number 5618)	Nessus	SuSE Local Security Checks	medium
4743	Oracle MySQL Enterprise Server 5.0 < 5.0.70 Privilege Bypass	Nessus Network Monitor	Database	medium
34727	MySQL Enterprise Server 5.0 < 5.0.70 Privilege Bypass	Nessus	Databases	medium
34700	Debian DSA-1662-1 : mysql-dfsg-5.0 - authorization bypass	Nessus	Debian Local Security Checks	medium
34159	MySQL Community Server 5.0 < 5.0.67 Multiple Vulnerabilities	Nessus	Databases	high
801141	MySQL Enterprise Server 5.0 < 5.0.70 Privilege Bypass	Log Correlation Engine	Database	medium

CVE-2008-4098

Description

References

Details

Risk Information

CVSS v2.0