QwikSec

Security Database

CVE

CWE

Training

CVE Database
/

CVE-2009-4030

Back to search

CVE-2009-4030

Published: Nov 30, 2009

Modified: Aug 7, 2024

PUBLISHED

Description

MySQL 5.1.x before 5.1.41 allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified (1) DATA DIRECTORY or (2) INDEX DIRECTORY arguments that are originally associated with pathnames without symlinks, and that can point to tables created at a future time at which a pathname is modified to contain a symlink to a subdirectory of the MySQL data home directory, related to incorrect calculation of the mysql_unpacked_real_data_home value. NOTE: this vulnerability exists because of an incomplete fix for CVE-2008-4098 and CVE-2008-2079.

VendorProductVersions

n/a

n/a

affected
n/a

References

38573
third-party-advisory
x_refsource_SECUNIA
USN-1397-1
vendor-advisory
x_refsource_UBUNTU
38517
third-party-advisory
x_refsource_SECUNIA
RHSA-2010:0109
vendor-advisory
x_refsource_REDHAT
ADV-2010-1107
vdb-entry
x_refsource_VUPEN
[oss-security] 20091124 Re: mysql-5.1.41
mailing-list
x_refsource_MLIST
USN-897-1
vendor-advisory
x_refsource_UBUNTU
SUSE-SR:2010:011
vendor-advisory
x_refsource_SUSE
APPLE-SA-2010-03-29-1
vendor-advisory
x_refsource_APPLE
[oss-security] 20091119 mysql-5.1.41
mailing-list
x_refsource_MLIST
[oss-security] 20091124 Re: mysql-5.1.41
mailing-list
x_refsource_MLIST
[oss-security] 20091124 Re: mysql-5.1.41
mailing-list
x_refsource_MLIST
oval:org.mitre.oval:def:11116
vdb-entry
signature
x_refsource_OVAL
RHSA-2010:0110
vendor-advisory
x_refsource_REDHAT
SUSE-SR:2010:021
vendor-advisory
x_refsource_SUSE
oval:org.mitre.oval:def:8156
vdb-entry
signature
x_refsource_OVAL
DSA-1997
vendor-advisory
x_refsource_DEBIAN

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now