CVE-2009-4030
Publication date 30 November 2009
Last updated 24 July 2024
Ubuntu priority
MySQL 5.1.x before 5.1.41 allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified (1) DATA DIRECTORY or (2) INDEX DIRECTORY arguments that are originally associated with pathnames without symlinks, and that can point to tables created at a future time at which a pathname is modified to contain a symlink to a subdirectory of the MySQL data home directory, related to incorrect calculation of the mysql_unpacked_real_data_home value. NOTE: this vulnerability exists because of an incomplete fix for CVE-2008-4098 and CVE-2008-2079.
Status
Package | Ubuntu Release | Status |
---|---|---|
mysql-5.1 | 11.04 natty |
Fixed 5.1.41-3ubuntu7
|
10.10 maverick |
Fixed 5.1.41-3ubuntu7
|
|
10.04 LTS lucid | Not in release | |
9.10 karmic | Not in release | |
9.04 jaunty | Not in release | |
8.04 LTS hardy | Not in release | |
6.06 LTS dapper | Not in release | |
mysql-dfsg | 11.04 natty | Not in release |
10.10 maverick | Not in release | |
10.04 LTS lucid | Not in release | |
9.10 karmic | Not in release | |
9.04 jaunty | Not in release | |
8.10 intrepid | Not in release | |
8.04 LTS hardy | Not in release | |
6.06 LTS dapper | Ignored end of life | |
mysql-dfsg-4.1 | 11.04 natty | Not in release |
10.10 maverick | Not in release | |
10.04 LTS lucid | Not in release | |
9.10 karmic | Not in release | |
9.04 jaunty | Not in release | |
8.10 intrepid | Not in release | |
8.04 LTS hardy | Not in release | |
6.06 LTS dapper | Ignored end of life | |
mysql-dfsg-5.0 | 11.04 natty | Not in release |
10.10 maverick | Not in release | |
10.04 LTS lucid | Not in release | |
9.10 karmic | Ignored end of life | |
9.04 jaunty |
Fixed 5.1.30really5.0.75-0ubuntu10.3
|
|
8.10 intrepid |
Fixed 5.0.67-0ubuntu6.1
|
|
8.04 LTS hardy |
Fixed 5.0.51a-3ubuntu5.5
|
|
6.06 LTS dapper |
Fixed 5.0.22-0ubuntu6.06.12
|
|
mysql-dfsg-5.1 | 11.04 natty | Not in release |
10.10 maverick | Not in release | |
10.04 LTS lucid |
Fixed 5.1.41-3ubuntu7
|
|
9.10 karmic |
Fixed 5.1.37-1ubuntu5.1
|
|
9.04 jaunty | Ignored end of life | |
8.10 intrepid | Not in release | |
8.04 LTS hardy | Not in release | |
6.06 LTS dapper | Not in release |
Notes
References
Related Ubuntu Security Notices (USN)
- USN-897-1
- MySQL vulnerabilities
- 10 February 2010
- USN-1397-1
- MySQL vulnerabilities
- 12 March 2012