CVE Vulnerability

CVE-2008-2079

MySQL 4.1.x before 4.1.24, 5.0.x before 5.0.60, 5.1.x before 5.1.24, and 6.0.x before 6.0.5 allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified (1) DATA DIRECTORY or (2) INDEX DIRECTORY arguments that are within the MySQL home data directory, which can point to tables that are created in the future.

4.6 /10

CVSS v2.0 :

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 6.4

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

Scope

References
Link Resource
http://bugs.mysql.com/bug.php?id=32167 Exploit Patch
http://dev.mysql.com/doc/refman/4.1/en/news-4-1-24.html Vendor Advisory
http://dev.mysql.com/doc/refman/5.0/en/releasenotes-es-5-0-60.html Vendor Advisory
http://dev.mysql.com/doc/refman/5.1/en/news-5-1-24.html Vendor Advisory
http://dev.mysql.com/doc/refman/6.0/en/news-6-0-5.html Vendor Advisory
http://www.securityfocus.com/bid/29106 Patch Third Party Advisory
http://www.securitytracker.com/id?1019995 Third Party Advisory VDB Entry
http://secunia.com/advisories/30134 Third Party Advisory
http://www.redhat.com/support/errata/RHSA-2008-0510.html Third Party Advisory
http://secunia.com/advisories/31226 Third Party Advisory
http://www.debian.org/security/2008/dsa-1608 Third Party Advisory
http://www.mandriva.com/security/advisories?name=MDVSA-2008:150 Third Party Advisory
http://www.mandriva.com/security/advisories?name=MDVSA-2008:149 Third Party Advisory
http://www.redhat.com/support/errata/RHSA-2008-0505.html Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html Third Party Advisory
http://secunia.com/advisories/31066 Third Party Advisory
http://secunia.com/advisories/31687 Third Party Advisory
http://www.securityfocus.com/bid/31681 Patch Third Party Advisory
http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html Mailing List Third Party Advisory
http://support.apple.com/kb/HT3216 Third Party Advisory
http://secunia.com/advisories/32222 Third Party Advisory
http://www.redhat.com/support/errata/RHSA-2008-0768.html Third Party Advisory
http://lists.apple.com/archives/security-announce/2009/Sep/msg00004.html Mailing List Third Party Advisory
http://secunia.com/advisories/36701 Third Party Advisory
http://support.apple.com/kb/HT3865 Third Party Advisory
http://www.vupen.com/english/advisories/2008/1472/references Third Party Advisory
http://www.vupen.com/english/advisories/2008/2780 Third Party Advisory
http://www.ubuntu.com/usn/USN-671-1 Third Party Advisory
http://secunia.com/advisories/32769 Third Party Advisory
http://www.redhat.com/support/errata/RHSA-2009-1289.html Third Party Advisory
http://secunia.com/advisories/36566 Third Party Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/42267 Third Party Advisory VDB Entry
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10133 Third Party Advisory
Configurations

Configuration 1

cpe:2.3:a:mysql:mysql:*:*:*:*:*:*:*:*
cpe:2.3:a:mysql:mysql:*:*:*:*:*:*:*:*
cpe:2.3:a:mysql:mysql:*:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:7.10:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:lts:*:*:*
Information

Published : 2008-05-05 04:20

Updated : 2019-12-17 03:25

NVD link : CVE-2008-2079

Mitre link : CVE-2008-2079

Products Affected
No products.
CWE
CWE-264