CVE-2008-4098

MySQL before 5.0.67 allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified (1) DATA DIRECTORY or (2) INDEX DIRECTORY arguments that are originally associated with pathnames without symlinks, and that can point to tables created at a future time at which a pathname is modified to contain a symlink to a subdirectory of the MySQL home data directory. NOTE: this vulnerability exists because of an incomplete fix for CVE-2008-4097.
Configurations

Configuration 1

cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:9.04:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:7.10:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:8.10:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:9.10:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:5.0:*:*:*:*:*:*:*
cpe:2.3:a:mysql:mysql:5.0.5:*:*:*:*:*:*:*
cpe:2.3:a:mysql:mysql:5.0.10:*:*:*:*:*:*:*
cpe:2.3:a:mysql:mysql:5.0.54:*:*:*:*:*:*:*
cpe:2.3:a:mysql:mysql:5.0.0:*:*:*:*:*:*:*
cpe:2.3:a:mysql:mysql:5.0.15:*:*:*:*:*:*:*
cpe:2.3:a:mysql:mysql:5.0.17:*:*:*:*:*:*:*
cpe:2.3:a:mysql:mysql:5.0.3:*:*:*:*:*:*:*
cpe:2.3:a:mysql:mysql:5.0.44:*:*:*:*:*:*:*
cpe:2.3:a:mysql:mysql:5.0.66:*:*:*:*:*:*:*
cpe:2.3:a:mysql:mysql:5.0.56:*:*:*:*:*:*:*
cpe:2.3:a:mysql:mysql:5.0.60:*:*:*:*:*:*:*
cpe:2.3:a:mysql:mysql:5.0.24:*:*:*:*:*:*:*
cpe:2.3:a:mysql:mysql:5.0.2:*:*:*:*:*:*:*
cpe:2.3:a:mysql:mysql:5.0.30:*:*:*:*:*:*:*
cpe:2.3:a:mysql:mysql:5.0.20:*:*:*:*:*:*:*
cpe:2.3:a:mysql:mysql:5.0.1:*:*:*:*:*:*:*
cpe:2.3:a:mysql:mysql:5.0.4:*:*:*:*:*:*:*
cpe:2.3:a:mysql:mysql:5.0.36:*:*:*:*:*:*:*
cpe:2.3:a:mysql:mysql:5.0.16:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql:5.0.48:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql:5.0.50:sp1:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql:5.0.50:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql:5.0.51:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql:5.0.23:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql:5.0.25:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql:5.0.26:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql:5.0.28:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql:5.0.30:sp1:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql:5.0.32:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql:5.0.34:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql:5.0.36:sp1:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql:5.0.38:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql:5.0.40:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql:5.0.41:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql:5.0.42:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql:5.0.44:sp1:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql:5.0.45:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql:5.0.46:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql:5.0.52:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql:5.0.56:sp1:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql:5.0.58:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql:5.0.62:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql:5.0.64:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql:5.0.60:sp1:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql:5.0.66:sp1:*:*:*:*:*:*

Information

Published : 2008-09-18 03:04

Updated : 2019-12-17 08:26


NVD link : CVE-2008-4098

Mitre link : CVE-2008-4098

Products Affected
No products.
CWE