CVE-2008-4097

Severity

46%

Complexity

39%

Confidentiality

106%

Per http://www.securityfocus.com/bid/29106 this vulnerability is remotely exploitable.

MySQL 5.0.51a allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified (1) DATA DIRECTORY or (2) INDEX DIRECTORY arguments that are associated with symlinks within pathnames for subdirectories of the MySQL home data directory, which are followed when tables are created in the future. NOTE: this vulnerability exists because of an incomplete fix for CVE-2008-2079.

Per http://www.securityfocus.com/bid/29106 this vulnerability is remotely exploitable.

CVSS 2.0 Base Score 4.6. CVSS Attack Vector: network. CVSS Attack Complexity: high. CVSS Vector: (AV:N/AC:H/Au:S/C:P/I:P/A:P).

Overview

First reported 16 years ago

2008-09-18 15:04:00

Last updated 5 years ago

2020-02-18 19:22:00

Affected Software

Oracle MySQL 5.0.51a

5.0.51a

References

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=480292#25

Third Party Advisory

SUSE-SR:2008:025

Third Party Advisory

32759

Vendor Advisory

32769

Broken Link, Not Applicable

MDVSA-2009:094

Broken Link

[oss-security] 20080909 Re: CVE request: MySQL incomplete fix for CVE-2008-2079

Mailing List

[oss-security] 20080916 Re: CVE request: MySQL incomplete fix for CVE-2008-2079

Mailing List

USN-671-1

Third Party Advisory

mysql-myisam-symlinks-security-bypass(45648)

VDB Entry

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.