CVE-2008-4098

MySQL before 5.0.67 allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified (1) DATA DIRECTORY or (2) INDEX DIRECTORY arguments that are originally associated with pathnames without symlinks, and that can point to tables created at a future time at which a pathname is modified to contain a symlink to a subdirectory of the MySQL home data directory. NOTE: this vulnerability exists because of an incomplete fix for CVE-2008-4097.
Link Following
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
4.6 UNKNOWN
NETWORK
HIGH
AV:N/AC:H/Au:S/C:P/I:P/A:P
redhatCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 56%
VendorProductVersion
canonicalubuntu_linux
6.06
canonicalubuntu_linux
7.10
canonicalubuntu_linux
8.04
canonicalubuntu_linux
8.10
canonicalubuntu_linux
9.04
canonicalubuntu_linux
9.10
debiandebian_linux
5.0
mysqlmysql
5.0.0
mysqlmysql
5.0.1
mysqlmysql
5.0.2
mysqlmysql
5.0.3
mysqlmysql
5.0.4
mysqlmysql
5.0.5
mysqlmysql
5.0.10
mysqlmysql
5.0.15
mysqlmysql
5.0.16
mysqlmysql
5.0.17
mysqlmysql
5.0.20
mysqlmysql
5.0.24
mysqlmysql
5.0.30
mysqlmysql
5.0.36
mysqlmysql
5.0.44
mysqlmysql
5.0.54
mysqlmysql
5.0.56
mysqlmysql
5.0.60
mysqlmysql
5.0.66
oraclemysql
5.0.23
oraclemysql
5.0.25
oraclemysql
5.0.26
oraclemysql
5.0.28
oraclemysql
5.0.30:sp1
oraclemysql
5.0.32
oraclemysql
5.0.34
oraclemysql
5.0.36:sp1
oraclemysql
5.0.38
oraclemysql
5.0.40
oraclemysql
5.0.41
oraclemysql
5.0.42
oraclemysql
5.0.44:sp1
oraclemysql
5.0.45
oraclemysql
5.0.46
oraclemysql
5.0.48
oraclemysql
5.0.50
oraclemysql
5.0.50:sp1
oraclemysql
5.0.51
oraclemysql
5.0.52
oraclemysql
5.0.56:sp1
oraclemysql
5.0.58
oraclemysql
5.0.60:sp1
oraclemysql
5.0.62
oraclemysql
5.0.64
oraclemysql
5.0.66:sp1
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
mysql-dfsg-5.0
karmic
not-affected
jaunty
not-affected
intrepid
Fixed 5.0.67-0ubuntu6.1
released
hardy
Fixed 5.0.51a-3ubuntu5.4
released
gutsy
Fixed 5.0.45-1ubuntu3.4
released
feisty
ignored
dapper
Fixed 5.0.22-0ubuntu6.06.11
released
Common Weakness Enumeration
References
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=480292#25
http://bugs.mysql.com/bug.php?id=32167
http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00001.html
http://secunia.com/advisories/32578
http://secunia.com/advisories/32759
http://secunia.com/advisories/32769
http://secunia.com/advisories/38517
http://ubuntu.com/usn/usn-897-1
http://www.debian.org/security/2008/dsa-1662
http://www.mandriva.com/security/advisories?name=MDVSA-2009:094
http://www.openwall.com/lists/oss-security/2008/09/09/20
http://www.openwall.com/lists/oss-security/2008/09/16/3
http://www.redhat.com/support/errata/RHSA-2009-1067.html
http://www.redhat.com/support/errata/RHSA-2010-0110.html
http://www.ubuntu.com/usn/USN-1397-1
http://www.ubuntu.com/usn/USN-671-1
https://exchange.xforce.ibmcloud.com/vulnerabilities/45649
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10591
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=480292#25
http://bugs.mysql.com/bug.php?id=32167
http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00001.html
http://secunia.com/advisories/32578
http://secunia.com/advisories/32759
http://secunia.com/advisories/32769
http://secunia.com/advisories/38517
http://ubuntu.com/usn/usn-897-1
http://www.debian.org/security/2008/dsa-1662
http://www.mandriva.com/security/advisories?name=MDVSA-2009:094
http://www.openwall.com/lists/oss-security/2008/09/09/20
http://www.openwall.com/lists/oss-security/2008/09/16/3
http://www.redhat.com/support/errata/RHSA-2009-1067.html
http://www.redhat.com/support/errata/RHSA-2010-0110.html
http://www.ubuntu.com/usn/USN-1397-1
http://www.ubuntu.com/usn/USN-671-1
https://exchange.xforce.ibmcloud.com/vulnerabilities/45649
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10591