CVE-2008-4098

EUVD-2008-4082
MySQL before 5.0.67 allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified (1) DATA DIRECTORY or (2) INDEX DIRECTORY arguments that are originally associated with pathnames without symlinks, and that can point to tables created at a future time at which a pathname is modified to contain a symlink to a subdirectory of the MySQL home data directory. NOTE: this vulnerability exists because of an incomplete fix for CVE-2008-4097.
Link Following
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
4.6 UNKNOWN
NETWORK
HIGH
AV:N/AC:H/Au:S/C:P/I:P/A:P
Base Score
CVSS 3.x
EPSS Score
Percentile: 56%
Affected Products (NVD)
VendorProductVersion
canonicalubuntu_linux
6.06
canonicalubuntu_linux
7.10
canonicalubuntu_linux
8.04
canonicalubuntu_linux
8.10
canonicalubuntu_linux
9.04
canonicalubuntu_linux
9.10
debiandebian_linux
5.0
mysqlmysql
5.0.0
mysqlmysql
5.0.1
mysqlmysql
5.0.2
mysqlmysql
5.0.3
mysqlmysql
5.0.4
mysqlmysql
5.0.5
mysqlmysql
5.0.10
mysqlmysql
5.0.15
mysqlmysql
5.0.16
mysqlmysql
5.0.17
mysqlmysql
5.0.20
mysqlmysql
5.0.24
mysqlmysql
5.0.30
mysqlmysql
5.0.36
mysqlmysql
5.0.44
mysqlmysql
5.0.54
mysqlmysql
5.0.56
mysqlmysql
5.0.60
mysqlmysql
5.0.66
oraclemysql
5.0.23
oraclemysql
5.0.25
oraclemysql
5.0.26
oraclemysql
5.0.28
oraclemysql
5.0.30:sp1
oraclemysql
5.0.32
oraclemysql
5.0.34
oraclemysql
5.0.36:sp1
oraclemysql
5.0.38
oraclemysql
5.0.40
oraclemysql
5.0.41
oraclemysql
5.0.42
oraclemysql
5.0.44:sp1
oraclemysql
5.0.45
oraclemysql
5.0.46
oraclemysql
5.0.48
oraclemysql
5.0.50
oraclemysql
5.0.50:sp1
oraclemysql
5.0.51
oraclemysql
5.0.52
oraclemysql
5.0.56:sp1
oraclemysql
5.0.58
oraclemysql
5.0.60:sp1
oraclemysql
5.0.62
oraclemysql
5.0.64
oraclemysql
5.0.66:sp1
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
mysql-dfsg-5.0
dapper
Fixed 5.0.22-0ubuntu6.06.11
released
feisty
ignored
gutsy
Fixed 5.0.45-1ubuntu3.4
released
hardy
Fixed 5.0.51a-3ubuntu5.4
released
intrepid
Fixed 5.0.67-0ubuntu6.1
released
jaunty
not-affected
karmic
not-affected
Common Weakness Enumeration
References
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=480292#25
http://bugs.mysql.com/bug.php?id=32167
http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00001.html
http://secunia.com/advisories/32578
http://secunia.com/advisories/32759
http://secunia.com/advisories/32769
http://secunia.com/advisories/38517
http://ubuntu.com/usn/usn-897-1
http://www.debian.org/security/2008/dsa-1662
http://www.mandriva.com/security/advisories?name=MDVSA-2009:094
http://www.openwall.com/lists/oss-security/2008/09/09/20
http://www.openwall.com/lists/oss-security/2008/09/16/3
http://www.redhat.com/support/errata/RHSA-2009-1067.html
http://www.redhat.com/support/errata/RHSA-2010-0110.html
http://www.ubuntu.com/usn/USN-1397-1
http://www.ubuntu.com/usn/USN-671-1
https://exchange.xforce.ibmcloud.com/vulnerabilities/45649
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10591
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=480292#25
http://bugs.mysql.com/bug.php?id=32167
http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00001.html
http://secunia.com/advisories/32578
http://secunia.com/advisories/32759
http://secunia.com/advisories/32769
http://secunia.com/advisories/38517
http://ubuntu.com/usn/usn-897-1
http://www.debian.org/security/2008/dsa-1662
http://www.mandriva.com/security/advisories?name=MDVSA-2009:094
http://www.openwall.com/lists/oss-security/2008/09/09/20
http://www.openwall.com/lists/oss-security/2008/09/16/3
http://www.redhat.com/support/errata/RHSA-2009-1067.html
http://www.redhat.com/support/errata/RHSA-2010-0110.html
http://www.ubuntu.com/usn/USN-1397-1
http://www.ubuntu.com/usn/USN-671-1
https://exchange.xforce.ibmcloud.com/vulnerabilities/45649
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10591