CVE-2008-2079

MySQL 4.1.x before 4.1.24, 5.0.x before 5.0.60, 5.1.x before 5.1.24, and 6.0.x before 6.0.5 allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified (1) DATA DIRECTORY or (2) INDEX DIRECTORY arguments that are within the MySQL home data directory, which can point to tables that are created in the future.
References
Link Resource
http://bugs.mysql.com/bug.php?id=32167 Exploit Patch Vendor Advisory
http://dev.mysql.com/doc/refman/4.1/en/news-4-1-24.html Vendor Advisory
http://dev.mysql.com/doc/refman/5.0/en/releasenotes-es-5-0-60.html Vendor Advisory
http://dev.mysql.com/doc/refman/5.1/en/news-5-1-24.html Vendor Advisory
http://dev.mysql.com/doc/refman/6.0/en/news-6-0-5.html Vendor Advisory
http://www.securityfocus.com/bid/29106 Patch Third Party Advisory VDB Entry
http://www.securitytracker.com/id?1019995 Third Party Advisory VDB Entry
http://secunia.com/advisories/30134 Third Party Advisory
http://www.redhat.com/support/errata/RHSA-2008-0510.html Third Party Advisory
http://secunia.com/advisories/31226 Third Party Advisory
http://www.debian.org/security/2008/dsa-1608 Third Party Advisory
http://www.mandriva.com/security/advisories?name=MDVSA-2008:150 Third Party Advisory
http://www.mandriva.com/security/advisories?name=MDVSA-2008:149 Third Party Advisory
http://www.redhat.com/support/errata/RHSA-2008-0505.html Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html Third Party Advisory
http://secunia.com/advisories/31066 Third Party Advisory
http://secunia.com/advisories/31687 Third Party Advisory
http://www.securityfocus.com/bid/31681 Patch Third Party Advisory VDB Entry
http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html Mailing List Third Party Advisory
http://support.apple.com/kb/HT3216 Third Party Advisory
http://secunia.com/advisories/32222 Third Party Advisory
http://www.redhat.com/support/errata/RHSA-2008-0768.html Third Party Advisory
http://lists.apple.com/archives/security-announce/2009/Sep/msg00004.html Mailing List Third Party Advisory
http://secunia.com/advisories/36701 Third Party Advisory
http://support.apple.com/kb/HT3865 Third Party Advisory
http://www.vupen.com/english/advisories/2008/1472/references Third Party Advisory
http://www.vupen.com/english/advisories/2008/2780 Third Party Advisory
http://www.ubuntu.com/usn/USN-671-1 Third Party Advisory
http://secunia.com/advisories/32769 Third Party Advisory
http://www.redhat.com/support/errata/RHSA-2009-1289.html Third Party Advisory
http://secunia.com/advisories/36566 Third Party Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/42267 Third Party Advisory VDB Entry
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10133 Third Party Advisory
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

OR cpe:2.3:a:mysql:mysql:*:*:*:*:*:*:*:*
cpe:2.3:a:mysql:mysql:*:*:*:*:*:*:*:*
cpe:2.3:a:mysql:mysql:*:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*

Configuration 2 (hide)

cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*

Configuration 3 (hide)

OR cpe:2.3:o:canonical:ubuntu_linux:7.10:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:lts:*:*:*

Information

Published : 2008-05-05 09:20

Updated : 2019-12-17 07:25


NVD link : CVE-2008-2079

Mitre link : CVE-2008-2079


JSON object : View

CWE
CWE-264

Permissions, Privileges, and Access Controls

Advertisement

dedicated server usa

Products Affected

debian

  • debian_linux

canonical

  • ubuntu_linux

oracle

  • mysql

mysql

  • mysql