4.6

CVE-2008-4097

EPSS 0.72%
Published 18.09.2008 15:04:27
Last modified 09.04.2025 00:30:58
Source secalert@redhat.com
Teams watchlist Login
Open Login

MySQL 5.0.51a allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified (1) DATA DIRECTORY or (2) INDEX DIRECTORY arguments that are associated with symlinks within pathnames for subdirectories of the MySQL home data directory, which are followed when tables are created in the future. NOTE: this vulnerability exists because of an incomplete fix for CVE-2008-2079.

Affected products Warnungen 0 Metrics 2 CWE 0 References 12

Data is provided by the National Vulnerability Database (NVD)

Oracle ≫ Mysql Version5.0.51a

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.72%	0.701

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	4.6	3.9	6.4	AV:N/AC:H/Au:S/C:P/I:P/A:P

http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00001.html

Third Party Advisory

http://secunia.com/advisories/32759

Vendor Advisory

http://secunia.com/advisories/32769

Broken Link

Not Applicable

http://www.ubuntu.com/usn/USN-671-1

Third Party Advisory

http://www.mandriva.com/security/advisories?name=MDVSA-2009:094

Broken Link

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=480292#25

Third Party Advisory

http://www.openwall.com/lists/oss-security/2008/09/09/20

Mailing List

http://www.openwall.com/lists/oss-security/2008/09/16/3

Mailing List

https://exchange.xforce.ibmcloud.com/vulnerabilities/45648

VDB Entry

https://nvd.nist.gov/vuln/detail/CVE-2008-4097

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2008-4097

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2008-4097

EUVD