MySQL prior to 5.0.67 allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified (1) DATA DIRECTORY or (2) INDEX DIRECTORY arguments that are originally associated with pathnames without symlinks, and that can point to tables created at a future time at which a pathname is modified to contain a symlink to a subdirectory of the MySQL home data directory. NOTE: this vulnerability exists because of an incomplete fix for CVE-2008-4097.
| Vulnerable Product | Search on Vulmon | Subscribe to Product |
|---|---|---|
canonical ubuntu linux 9.04 |
||
canonical ubuntu linux 8.10 |
||
canonical ubuntu linux 6.06 |
||
canonical ubuntu linux 8.04 |
||
canonical ubuntu linux 7.10 |
||
canonical ubuntu linux 9.10 |
||
debian debian linux 5.0 |
||
mysql mysql 5.0.3 |
||
mysql mysql 5.0.4 |
||
mysql mysql 5.0.20 |
||
oracle mysql 5.0.26 |
||
oracle mysql 5.0.28 |
||
oracle mysql 5.0.36 |
||
oracle mysql 5.0.45 |
||
oracle mysql 5.0.46 |
||
oracle mysql 5.0.52 |
||
mysql mysql 5.0.54 |
||
mysql mysql 5.0.5 |
||
mysql mysql 5.0.15 |
||
mysql mysql 5.0.30 |
||
oracle mysql 5.0.30 |
||
mysql mysql 5.0.1 |
||
mysql mysql 5.0.2 |
||
mysql mysql 5.0.10 |
||
oracle mysql 5.0.25 |
||
oracle mysql 5.0.34 |
||
mysql mysql 5.0.36 |
||
mysql mysql 5.0.44 |
||
oracle mysql 5.0.44 |
||
oracle mysql 5.0.51 |
||
oracle mysql 5.0.60 |
||
oracle mysql 5.0.62 |
||
oracle mysql 5.0.38 |
||
oracle mysql 5.0.40 |
||
oracle mysql 5.0.48 |
||
oracle mysql 5.0.50 |
||
mysql mysql 5.0.56 |
||
oracle mysql 5.0.56 |
||
oracle mysql 5.0.66 |
||
mysql mysql 5.0.66 |
||
oracle mysql 5.0.64 |
||
mysql mysql 5.0.0 |
||
mysql mysql 5.0.16 |
||
mysql mysql 5.0.17 |
||
oracle mysql 5.0.23 |
||
mysql mysql 5.0.24 |
||
oracle mysql 5.0.32 |
||
oracle mysql 5.0.41 |
||
oracle mysql 5.0.42 |
||
oracle mysql 5.0.58 |
||
mysql mysql 5.0.60 |
Vulmon