CVE-2008-4097

MySQL 5.0.51a allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified (1) DATA DIRECTORY or (2) INDEX DIRECTORY arguments that are associated with symlinks within pathnames for subdirectories of the MySQL home data directory, which are followed when tables are created in the future. NOTE: this vulnerability exists because of an incomplete fix for CVE-2008-2079.

Published: Sep 18, 2008
Updated: Apr 13, 2023
CVE: CVE-2008-4097
Severity: Low
Exploit:

CVSS v2:

Severity: Low
Score: 4.6
AV:N/AC:H/Au:S/C:P/I:P/A:P

CWEs:

CWE-264

Affected Software
References

Software	From	Fixed in
oracle / mysql	5.0.51a	5.0.51a.x

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=480292#25
http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00001.html
http://secunia.com/advisories/32759
http://secunia.com/advisories/32769
http://www.mandriva.com/security/advisories?name=MDVSA-2009:094
http://www.openwall.com/lists/oss-security/2008/09/09/20
http://www.openwall.com/lists/oss-security/2008/09/16/3
http://www.ubuntu.com/usn/USN-671-1
https://exchange.xforce.ibmcloud.com/vulnerabilities/45648

Vulnerability Database

289,697

CVE-2008-4097