CVE Vulnerability

CVE-2008-4097

MySQL 5.0.51a allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified (1) DATA DIRECTORY or (2) INDEX DIRECTORY arguments that are associated with symlinks within pathnames for subdirectories of the MySQL home data directory, which are followed when tables are created in the future. NOTE: this vulnerability exists because of an incomplete fix for CVE-2008-2079.

4.6 /10

CVSS v2.0 :

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 6.4

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

Scope

References
Link Resource
http://www.openwall.com/lists/oss-security/2008/09/09/20 Mailing List
http://www.openwall.com/lists/oss-security/2008/09/16/3 Mailing List
http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00001.html Third Party Advisory
http://secunia.com/advisories/32759 Vendor Advisory
http://www.mandriva.com/security/advisories?name=MDVSA-2009:094 Broken Link
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=480292#25 Third Party Advisory
http://www.ubuntu.com/usn/USN-671-1 Third Party Advisory
http://secunia.com/advisories/32769 Broken Link Not Applicable
https://exchange.xforce.ibmcloud.com/vulnerabilities/45648 VDB Entry
Configurations

Configuration 1

cpe:2.3:a:oracle:mysql:5.0.51a:*:*:*:*:*:*:*
Information

Published : 2008-09-18 03:04

Updated : 2020-02-18 07:22

NVD link : CVE-2008-4097

Mitre link : CVE-2008-4097

Products Affected
No products.
CWE
CWE-264