Your submission was sent successfully! Close

CVE-2008-4098

Published: 18 September 2008

MySQL before 5.0.67 allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified (1) DATA DIRECTORY or (2) INDEX DIRECTORY arguments that are originally associated with pathnames without symlinks, and that can point to tables created at a future time at which a pathname is modified to contain a symlink to a subdirectory of the MySQL home data directory. NOTE: this vulnerability exists because of an incomplete fix for CVE-2008-4097.

Priority

Medium

Status

Package Release Status
mysql-dfsg-5.0
Launchpad, Ubuntu, Debian
dapper
Released (5.0.22-0ubuntu6.06.11)
feisty Needed
(reached end-of-life)
gutsy
Released (5.0.45-1ubuntu3.4)
hardy
Released (5.0.51a-3ubuntu5.4)
intrepid
Released (5.0.67-0ubuntu6.1)
jaunty Not vulnerable
(5.1.30really5.0.75-0ubuntu10.2)
karmic Not vulnerable
(5.1.30really5.0.83-0ubuntu3)
upstream
Released (5.0.67)