CVE-2008-4098

EPSS 0.35%
Published 18.09.2008 15:04:27
Last modified 09.04.2025 00:30:58
Source secalert@redhat.com
Teams watchlist Login
Open Login

MySQL before 5.0.67 allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified (1) DATA DIRECTORY or (2) INDEX DIRECTORY arguments that are originally associated with pathnames without symlinks, and that can point to tables created at a future time at which a pathname is modified to contain a symlink to a subdirectory of the MySQL home data directory. NOTE: this vulnerability exists because of an incomplete fix for CVE-2008-4097.

Affected products Warnungen 0 Metrics 2 CWE 1 References 21

Data is provided by the National Vulnerability Database (NVD)

Canonical ≫ Ubuntu Linux Version6.06 SwEditionlts

Canonical ≫ Ubuntu Linux Version7.10

Canonical ≫ Ubuntu Linux Version8.04 SwEditionlts

Canonical ≫ Ubuntu Linux Version8.10

Canonical ≫ Ubuntu Linux Version9.04

Canonical ≫ Ubuntu Linux Version9.10

Debian ≫ Debian Linux Version5.0

Mysql ≫ Mysql Version5.0.0

Mysql ≫ Mysql Version5.0.1

Mysql ≫ Mysql Version5.0.2

Mysql ≫ Mysql Version5.0.3

Mysql ≫ Mysql Version5.0.4

Mysql ≫ Mysql Version5.0.5

Mysql ≫ Mysql Version5.0.10

Mysql ≫ Mysql Version5.0.15

Mysql ≫ Mysql Version5.0.16

Mysql ≫ Mysql Version5.0.17

Mysql ≫ Mysql Version5.0.20

Mysql ≫ Mysql Version5.0.24

Mysql ≫ Mysql Version5.0.30

Mysql ≫ Mysql Version5.0.36

Mysql ≫ Mysql Version5.0.44

Mysql ≫ Mysql Version5.0.54

Mysql ≫ Mysql Version5.0.56

Mysql ≫ Mysql Version5.0.60

Mysql ≫ Mysql Version5.0.66

Oracle ≫ Mysql Version5.0.23

Oracle ≫ Mysql Version5.0.25

Oracle ≫ Mysql Version5.0.26

Oracle ≫ Mysql Version5.0.28

Oracle ≫ Mysql Version5.0.30 Updatesp1

Oracle ≫ Mysql Version5.0.32

Oracle ≫ Mysql Version5.0.34

Oracle ≫ Mysql Version5.0.36 Updatesp1

Oracle ≫ Mysql Version5.0.38

Oracle ≫ Mysql Version5.0.40

Oracle ≫ Mysql Version5.0.41

Oracle ≫ Mysql Version5.0.42

Oracle ≫ Mysql Version5.0.44 Updatesp1

Oracle ≫ Mysql Version5.0.45

Oracle ≫ Mysql Version5.0.46

Oracle ≫ Mysql Version5.0.48

Oracle ≫ Mysql Version5.0.50

Oracle ≫ Mysql Version5.0.50 Updatesp1

Oracle ≫ Mysql Version5.0.51

Oracle ≫ Mysql Version5.0.52

Oracle ≫ Mysql Version5.0.56 Updatesp1

Oracle ≫ Mysql Version5.0.58

Oracle ≫ Mysql Version5.0.60 Updatesp1

Oracle ≫ Mysql Version5.0.62

Oracle ≫ Mysql Version5.0.64

Oracle ≫ Mysql Version5.0.66 Updatesp1

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.35%	0.567

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	4.6	3.9	6.4	AV:N/AC:H/Au:S/C:P/I:P/A:P

CWE-59 Improper Link Resolution Before File Access ('Link Following')

The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.

http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00001.html

Third Party Advisory

http://secunia.com/advisories/32759

Not Applicable

http://www.ubuntu.com/usn/USN-1397-1

http://bugs.mysql.com/bug.php?id=32167

Patch

Vendor Advisory

Issue Tracking

http://secunia.com/advisories/32769

Not Applicable

http://www.ubuntu.com/usn/USN-671-1