CVE-2008-4098 - Improper Link Resolution Before File Access ('Link Following')

Severity

46%

Complexity

39%

Confidentiality

106%

MySQL before 5.0.67 allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified (1) DATA DIRECTORY or (2) INDEX DIRECTORY arguments that are originally associated with pathnames without symlinks, and that can point to tables created at a future time at which a pathname is modified to contain a symlink to a subdirectory of the MySQL home data directory. NOTE: this vulnerability exists because of an incomplete fix for CVE-2008-4097.

MySQL before 5.0.67 allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified (1) DATA DIRECTORY or (2) INDEX DIRECTORY arguments that are originally associated with pathnames without symlinks, and that can point to tables created at a future time at which a pathname is modified to contain a symlink to a subdirectory of the MySQL home data directory. NOTE: this vulnerability exists because of an incomplete fix for CVE-2008-4097.

CVSS 2.0 Base Score 4.6. CVSS Attack Vector: network. CVSS Attack Complexity: high. CVSS Vector: (AV:N/AC:H/Au:S/C:P/I:P/A:P).

Overview

First reported 16 years ago

2008-09-18 15:04:00

Last updated 5 years ago

2019-12-17 20:26:00

Affected Software

Canonical Ubuntu Linux 6.06 LTS (Long-Term Support)

6.06

Canonical Ubuntu Linux 7.10

7.10

Canonical Ubuntu Linux 8.04 LTS (Long-Term Support)

8.04

Canonical Ubuntu Linux 8.10

8.10

Canonical Ubuntu Linux 9.04

9.04

Canonical Ubuntu Linux 9.10

9.10

Debian GNU/Linux 5.0

5.0

MySQL MySQL 5.0.0

5.0.0

MySQL MySQL 5.0.1

5.0.1

MySQL MySQL 5.0.2

5.0.2

MySQL MySQL 5.0.3

5.0.3

MySQL MySQL 5.0.4

5.0.4

MySQL MySQL 5.0.5

5.0.5

MySQL MySQL 5.0.10

5.0.10

MySQL MySQL 5.0.15

5.0.15

MySQL MySQL 5.0.16

5.0.16

MySQL MySQL 5.0.17

5.0.17

MySQL MySQL 5.0.20

5.0.20

MySQL MySQL 5.0.24

5.0.24

MySQL 5.0.30

5.0.30

MySQL 5.0.36

5.0.36

MySQL5.0.44

5.0.44

MySQL5.0.54

5.0.54

MySQL5.0.56

5.0.56

MySQL5.0.60

5.0.60

MySQL5.0.66

5.0.66

Oracle MySQL 5.0.23

5.0.23

Oracle MySQL 5.0.25

5.0.25

Oracle MySQL 5.0.26

5.0.26

Oracle MySQL 5.0.28

5.0.28

Oracle MySQL 5.0.30 Service Pack 1

5.0.30

Oracle MySQL 5.0.32

5.0.32

Oracle MySQL 5.0.34

5.0.34

Oracle MySQL 5.0.36 Service Pack 1

5.0.36

Oracle MySQL 5.0.38

5.0.38

Oracle MySQL 5.0.40

5.0.40

Oracle MySQL 5.0.41

5.0.41

Oracle MySQL 5.0.42

5.0.42

Oracle MySQL 5.0.44 Service Pack 1

5.0.44

Oracle MySQL 5.0.45

5.0.45

Oracle MySQL 5.0.46

5.0.46

Oracle MySQL 5.0.48

5.0.48

Oracle MySQL 5.0.50

5.0.50

Oracle MySQL 5.0.50 Service Pack 1

5.0.50

Oracle MySQL 5.0.51

5.0.51

Oracle MySQL 5.0.52

5.0.52

Oracle MySQL 5.0.56 Service Pack 1

5.0.56

Oracle MySQL 5.0.58

5.0.58

Oracle MySQL 5.0.60 Service Pack 1

5.0.60

Oracle MySQL 5.0.62

5.0.62

Oracle MySQL 5.0.64

5.0.64

Oracle MySQL 5.0.66 Service Pack 1

5.0.66

References

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=480292#25

Issue Tracking, Third Party Advisory

http://bugs.mysql.com/bug.php?id=32167

Issue Tracking, Patch, Vendor Advisory

SUSE-SR:2008:025

Third Party Advisory

32578

32759

32769

38517

USN-897-1

Third Party Advisory

DSA-1662

Third Party Advisory

MDVSA-2009:094

[oss-security] 20080909 Re: CVE request: MySQL incomplete fix for CVE-2008-2079

Mailing List, Third Party Advisory

[oss-security] 20080916 Re: CVE request: MySQL incomplete fix for CVE-2008-2079

Mailing List, Third Party Advisory

RHSA-2009:1067

Third Party Advisory

RHSA-2010:0110

Third Party Advisory

USN-1397-1

USN-671-1

Third Party Advisory

mysql-myisam-symlink-security-bypass(45649)

oval:org.mitre.oval:def:10591

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.