Debian DSA-1662-1 : mysql-dfsg-5.0 - authorization bypass

medium Nessus Plugin ID 34700


The remote Debian host is missing a security-related update.


A symlink traversal vulnerability was discovered in MySQL, a relational database server. The weakness could permit an attacker having both CREATE TABLE access to a database and the ability to execute shell commands on the database server to bypass MySQL access controls, enabling them to write to tables in databases to which they would not ordinarily have access.

The Common Vulnerabilities and Exposures project identifies this vulnerability as CVE-2008-4098. Note that a closely aligned issue, identified as CVE-2008-4097, was prevented by the update announced in DSA-1608-1. This new update supersedes that fix and mitigates both potential attack vectors.


Upgrade the mysql packages.

For the stable distribution (etch), this problem has been fixed in version 5.0.32-7etch8.

See Also

Plugin Details

Severity: Medium

ID: 34700

File Name: debian_DSA-1662.nasl

Version: 1.15

Type: local

Agent: unix

Published: 11/6/2008

Updated: 1/4/2021

Supported Sensors: Frictionless Assessment Agent, Nessus Agent

Risk Information


Risk Factor: Medium

Score: 5.5


Risk Factor: Medium

Base Score: 4.6

Temporal Score: 4

Vector: AV:N/AC:H/Au:S/C:P/I:P/A:P

Temporal Vector: E:ND/RL:OF/RC:C

Vulnerability Information

CPE: p-cpe:/a:debian:debian_linux:mysql-dfsg-5.0, cpe:/o:debian:debian_linux:4.0

Required KB Items: Host/local_checks_enabled, Host/Debian/release, Host/Debian/dpkg-l

Exploit Ease: No known exploits are available

Patch Publication Date: 11/6/2008

Reference Information

CVE: CVE-2008-4098

BID: 29106

DSA: 1662

CWE: 59