QwikSec

Security Database

CVE

CWE

Training

CVE-2008-4098

Published: Sep 17, 2008

Modified: Aug 7, 2024

PUBLISHED

Description

MySQL before 5.0.67 allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified (1) DATA DIRECTORY or (2) INDEX DIRECTORY arguments that are originally associated with pathnames without symlinks, and that can point to tables created at a future time at which a pathname is modified to contain a symlink to a subdirectory of the MySQL home data directory. NOTE: this vulnerability exists because of an incomplete fix for CVE-2008-4097.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

vendor-advisory

x_refsource_MANDRIVA

vendor-advisory

x_refsource_UBUNTU

vendor-advisory

x_refsource_REDHAT

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=480292#25

x_refsource_MISC

vendor-advisory

x_refsource_UBUNTU

third-party-advisory

x_refsource_SECUNIA

oval:org.mitre.oval:def:10591

vdb-entry

signature

x_refsource_OVAL

vendor-advisory

x_refsource_UBUNTU

third-party-advisory

x_refsource_SECUNIA

[oss-security] 20080909 Re: CVE request: MySQL incomplete fix for CVE-2008-2079

mailing-list

x_refsource_MLIST

[oss-security] 20080916 Re: CVE request: MySQL incomplete fix for CVE-2008-2079

mailing-list

x_refsource_MLIST

third-party-advisory

x_refsource_SECUNIA

mysql-myisam-symlink-security-bypass(45649)

vdb-entry

x_refsource_XF

vendor-advisory

x_refsource_DEBIAN

vendor-advisory

x_refsource_REDHAT

http://bugs.mysql.com/bug.php?id=32167

x_refsource_CONFIRM

SUSE-SR:2008:025

vendor-advisory

x_refsource_SUSE

third-party-advisory

x_refsource_SECUNIA

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.