[Forgot Password]
Login  Register Subscribe

30389

 
 

423868

 
 

244411

 
 

909

 
 

193363

 
 

277

Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2008-2079Date: (C)2008-05-05   (M)2023-12-22


MySQL 4.1.x before 4.1.24, 5.0.x before 5.0.60, 5.1.x before 5.1.24, and 6.0.x before 6.0.5 allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified (1) DATA DIRECTORY or (2) INDEX DIRECTORY arguments that are within the MySQL home data directory, which can point to tables that are created in the future.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 4.6
Exploit Score: 3.9
Impact Score: 6.4
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: HIGH
Authentication: SINGLE
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL
  
Reference:
SECTRACK-1019995
BID-29106
SECUNIA-30134
SECUNIA-31066
SECUNIA-31226
BID-31681
SECUNIA-31687
SECUNIA-32222
SECUNIA-32769
SECUNIA-36566
SECUNIA-36701
ADV-2008-1472
ADV-2008-2780
APPLE-SA-2008-10-09
APPLE-SA-2009-09-10-2
DSA-1608
MDVSA-2008:149
MDVSA-2008:150
RHSA-2008:0505
RHSA-2008:0510
RHSA-2008:0768
RHSA-2009:1289
SUSE-SR:2008:017
USN-671-1
http://bugs.mysql.com/bug.php?id=32167
http://dev.mysql.com/doc/refman/4.1/en/news-4-1-24.html
http://dev.mysql.com/doc/refman/5.0/en/releasenotes-es-5-0-60.html
http://dev.mysql.com/doc/refman/5.1/en/news-5-1-24.html
http://dev.mysql.com/doc/refman/6.0/en/news-6-0-5.html
http://support.apple.com/kb/HT3216
http://support.apple.com/kb/HT3865
mysql-myisam-security-bypass(42267)
oval:org.mitre.oval:def:10133

CPE    6
cpe:/a:mysql:mysql
cpe:/o:debian:debian_linux:4.0
cpe:/o:canonical:ubuntu_linux:6.06::~~lts~~~
cpe:/a:oracle:mysql
...
CWE    1
CWE-264
OVAL    13
oval:org.secpod.oval:def:201971
oval:org.secpod.oval:def:301436
oval:org.secpod.oval:def:202151
oval:org.secpod.oval:def:20676
...

© SecPod Technologies