CVE-2008-4098
Published: 18 September 2008
MySQL before 5.0.67 allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified (1) DATA DIRECTORY or (2) INDEX DIRECTORY arguments that are originally associated with pathnames without symlinks, and that can point to tables created at a future time at which a pathname is modified to contain a symlink to a subdirectory of the MySQL home data directory. NOTE: this vulnerability exists because of an incomplete fix for CVE-2008-4097.
Notes
| Author | Note |
|---|---|
| mdeslaur | proper fix only made it's way to 5.0.70, so intrepid isn't properly patched |
Priority
Status
| Package | Release | Status |
|---|---|---|
|
mysql-dfsg-5.0 Launchpad, Ubuntu, Debian |
dapper |
Released
(5.0.22-0ubuntu6.06.11)
|
| feisty |
Ignored
(end of life, was needed)
|
|
| gutsy |
Released
(5.0.45-1ubuntu3.4)
|
|
| hardy |
Released
(5.0.51a-3ubuntu5.4)
|
|
| intrepid |
Released
(5.0.67-0ubuntu6.1)
|
|
| jaunty |
Not vulnerable
(5.1.30really5.0.75-0ubuntu10.2)
|
|
| karmic |
Not vulnerable
(5.1.30really5.0.83-0ubuntu3)
|
|
| upstream |
Released
(5.0.67)
|