CVE-2008-2079

Severity

46%

Complexity

39%

Confidentiality

106%

Per http://www.securityfocus.com/bid/29106 and http://secunia.com/advisories/32222, this vulnerability is remotely exploitable.

MySQL 4.1.x before 4.1.24, 5.0.x before 5.0.60, 5.1.x before 5.1.24, and 6.0.x before 6.0.5 allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified (1) DATA DIRECTORY or (2) INDEX DIRECTORY arguments that are within the MySQL home data directory, which can point to tables that are created in the future.

Per http://www.securityfocus.com/bid/29106 and http://secunia.com/advisories/32222, this vulnerability is remotely exploitable.

CVSS 2.0 Base Score 4.6. CVSS Attack Vector: network. CVSS Attack Complexity: high. CVSS Vector: (AV:N/AC:H/Au:S/C:P/I:P/A:P).

Overview

First reported 16 years ago

2008-05-05 16:20:00

Last updated 5 years ago

2019-12-17 15:25:00

Affected Software

MySQL MySQL

Oracle MySQL -

Debian GNU/Linux 4.0

4.0

Canonical Ubuntu Linux 6.06 LTS (Long-Term Support)

6.06

Canonical Ubuntu Linux 7.10

7.10

Canonical Ubuntu Linux 8.04 LTS (Long-Term Support)

8.04

References

http://bugs.mysql.com/bug.php?id=32167

Exploit, Patch, Vendor Advisory

http://dev.mysql.com/doc/refman/4.1/en/news-4-1-24.html

Vendor Advisory

http://dev.mysql.com/doc/refman/5.0/en/releasenotes-es-5-0-60.html

Vendor Advisory

http://dev.mysql.com/doc/refman/5.1/en/news-5-1-24.html

Vendor Advisory

http://dev.mysql.com/doc/refman/6.0/en/news-6-0-5.html

Vendor Advisory

APPLE-SA-2008-10-09

Mailing List, Third Party Advisory

APPLE-SA-2009-09-10-2

Mailing List, Third Party Advisory

SUSE-SR:2008:017

Third Party Advisory

30134

Third Party Advisory

31066

Third Party Advisory

31226

Third Party Advisory

31687

Third Party Advisory

32222

Third Party Advisory

32769

Third Party Advisory

36566

Third Party Advisory

36701

Third Party Advisory

http://support.apple.com/kb/HT3216

Third Party Advisory

http://support.apple.com/kb/HT3865

Third Party Advisory

DSA-1608

Third Party Advisory

MDVSA-2008:149

Third Party Advisory

MDVSA-2008:150

Third Party Advisory

RHSA-2008:0505

Third Party Advisory

RHSA-2008:0510

Third Party Advisory

RHSA-2008:0768

Third Party Advisory

RHSA-2009:1289

Third Party Advisory

29106

Patch, Third Party Advisory, VDB Entry

31681

Patch, Third Party Advisory, VDB Entry

1019995

Third Party Advisory, VDB Entry

USN-671-1

Third Party Advisory

ADV-2008-1472

Third Party Advisory

ADV-2008-2780

Third Party Advisory

mysql-myisam-security-bypass(42267)

Third Party Advisory, VDB Entry

oval:org.mitre.oval:def:10133

Third Party Advisory

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.