CVE-2008-2079

Published: 05/05/2008 Updated: 17/12/2019
CVSS v2 Base Score: 4.6 | Impact Score: 6.4 | Exploitability Score: 3.9
VMScore: 411
Vector: AV:N/AC:H/Au:S/C:P/I:P/A:P

Vulnerability Summary

MySQL 4.1.x prior to 4.1.24, 5.0.x prior to 5.0.60, 5.1.x prior to 5.1.24, and 6.0.x prior to 6.0.5 allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified (1) DATA DIRECTORY or (2) INDEX DIRECTORY arguments that are within the MySQL home data directory, which can point to tables that are created in the future.

Vulnerable Product

mysql mysql

oracle mysql

debian debian linux 4.0

canonical ubuntu linux 7.10

canonical ubuntu linux 6.06

canonical ubuntu linux 8.04

Vendor Advisories

Synopsis: Moderate: mysql security update. Type/Severity: Security Advisory: Moderate. Topic: Updated mysql packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Descr ...

Synopsis: Moderate: mysql security update. Type/Severity: Security Advisory: Moderate. Topic: Updated mysql packages that fix several security issues are now available for Red Hat Enterprise Linux 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Descri ...

It was discovered that MySQL could be made to overwrite existing table files in the data directory. An authenticated user could use the DATA DIRECTORY and INDEX DIRECTORY options to possibly bypass privilege checks. This update alters table creation behaviour by disallowing the use of the MySQL data directory in DATA DIRECTORY and INDEX DIRECTORY o ...

Sergei Golubchik discovered that MySQL, a widely-deployed database server, did not properly validate optional data or index directory paths given in a CREATE TABLE statement, nor would it (under proper conditions) prevent two databases from using the same paths for data or index files. This permits an authenticated user with authorization to create ...

References

CWE-264
http://bugs.mysql.com/bug.php?id=32167
http://dev.mysql.com/doc/refman/4.1/en/news-4-1-24.html
http://dev.mysql.com/doc/refman/5.0/en/releasenotes-es-5-0-60.html
http://dev.mysql.com/doc/refman/5.1/en/news-5-1-24.html
http://dev.mysql.com/doc/refman/6.0/en/news-6-0-5.html
http://www.securityfocus.com/bid/29106
http://www.securitytracker.com/id?1019995
http://secunia.com/advisories/30134
http://www.redhat.com/support/errata/RHSA-2008-0510.html
http://secunia.com/advisories/31226
http://www.debian.org/security/2008/dsa-1608
http://www.mandriva.com/security/advisories?name=MDVSA-2008:150
http://www.mandriva.com/security/advisories?name=MDVSA-2008:149
http://www.redhat.com/support/errata/RHSA-2008-0505.html
http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html
http://secunia.com/advisories/31066
http://secunia.com/advisories/31687
http://www.securityfocus.com/bid/31681
http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html
http://support.apple.com/kb/HT3216
http://secunia.com/advisories/32222
http://www.redhat.com/support/errata/RHSA-2008-0768.html
http://lists.apple.com/archives/security-announce/2009/Sep/msg00004.html
http://secunia.com/advisories/36701
http://support.apple.com/kb/HT3865
http://www.vupen.com/english/advisories/2008/1472/references
http://www.vupen.com/english/advisories/2008/2780
http://www.ubuntu.com/usn/USN-671-1
http://secunia.com/advisories/32769
http://www.redhat.com/support/errata/RHSA-2009-1289.html
http://secunia.com/advisories/36566
https://exchange.xforce.ibmcloud.com/vulnerabilities/42267
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10133
https://access.redhat.com/errata/RHSA-2010:0109
https://nvd.nist.gov
https://usn.ubuntu.com/671-1/