4.6

CVE-2008-2079

Exploit

EPSS 0.56%
Published 05.05.2008 16:20:00
Last modified 09.04.2025 00:30:58
Source secalert@redhat.com
Teams watchlist Login
Open Login

MySQL 4.1.x before 4.1.24, 5.0.x before 5.0.60, 5.1.x before 5.1.24, and 6.0.x before 6.0.5 allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified (1) DATA DIRECTORY or (2) INDEX DIRECTORY arguments that are within the MySQL home data directory, which can point to tables that are created in the future.

Affected products Warnungen 0 Metrics 2 CWE 0 References 36

Data is provided by the National Vulnerability Database (NVD)

Mysql ≫ Mysql Version >= 4.1.0 < 4.1.24

Mysql ≫ Mysql Version >= 5.0.0 < 5.0.60

Mysql ≫ Mysql Version >= 5.1.0 < 5.1.24

Oracle ≫ Mysql Version >= 6.0.0 < 6.0.5

Debian ≫ Debian Linux Version4.0

Canonical ≫ Ubuntu Linux Version6.06 SwEditionlts

Canonical ≫ Ubuntu Linux Version7.10

Canonical ≫ Ubuntu Linux Version8.04 SwEditionlts

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.56%	0.676

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	4.6	3.9	6.4	AV:N/AC:H/Au:S/C:P/I:P/A:P

http://secunia.com/advisories/31226

Third Party Advisory

http://www.redhat.com/support/errata/RHSA-2008-0768.html

Third Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html

Third Party Advisory

http://secunia.com/advisories/31687

Third Party Advisory

http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html

Third Party Advisory

Mailing List

http://secunia.com/advisories/32222

Third Party Advisory

http://support.apple.com/kb/HT3216

Third Party Advisory

http://www.securityfocus.com/bid/31681

Patch

Third Party Advisory

VDB Entry

http://www.vupen.com/english/advisories/2008/2780

Third Party Advisory

http://dev.mysql.com/doc/refman/4.1/en/news-4-1-24.html

Vendor Advisory

http://www.redhat.com/support/errata/RHSA-2008-0505.html

Third Party Advisory

http://www.mandriva.com/security/advisories?name=MDVSA-2008:150

Third Party Advisory

http://bugs.mysql.com/bug.php?id=32167

Patch

Vendor Advisory

Exploit

http://dev.mysql.com/doc/refman/5.0/en/releasenotes-es-5-0-60.html

Vendor Advisory

http://dev.mysql.com/doc/refman/5.1/en/news-5-1-24.html

Vendor Advisory

http://dev.mysql.com/doc/refman/6.0/en/news-6-0-5.html

Vendor Advisory

http://lists.apple.com/archives/security-announce/2009/Sep/msg00004.html

Third Party Advisory

Mailing List

http://secunia.com/advisories/30134

Third Party Advisory

http://secunia.com/advisories/31066

Third Party Advisory

http://secunia.com/advisories/32769

Third Party Advisory

http://secunia.com/advisories/36566

Third Party Advisory

http://secunia.com/advisories/36701

Third Party Advisory

http://support.apple.com/kb/HT3865

Third Party Advisory

http://www.debian.org/security/2008/dsa-1608

Third Party Advisory

http://www.mandriva.com/security/advisories?name=MDVSA-2008:149

Third Party Advisory

http://www.redhat.com/support/errata/RHSA-2008-0510.html

Third Party Advisory

http://www.redhat.com/support/errata/RHSA-2009-1289.html

Third Party Advisory

http://www.securityfocus.com/bid/29106

Patch

Third Party Advisory

VDB Entry

http://www.securitytracker.com/id?1019995

Third Party Advisory

VDB Entry

http://www.ubuntu.com/usn/USN-671-1

Third Party Advisory

http://www.vupen.com/english/advisories/2008/1472/references

Third Party Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/42267

Third Party Advisory

VDB Entry

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10133

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2008-2079

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2008-2079

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2008-2079

EUVD