| Revision Date: | 2013-04-29 | Version: | 11 |
| Title: | MySQL before 5.0.67 allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified (1) DATA DIRECTORY or (2) INDEX DIRECTORY arguments that are originally associated with pathnames without symlinks, and that can point to tables created at a future time at which a pathname is modified to contain a symlink to a subdirectory of the MySQL home data directory. NOTE: this vulnerability exists because of an incomplete fix for CVE-2008-4097. |
| Description: | MySQL before 5.0.67 allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified (1) DATA DIRECTORY or (2) INDEX DIRECTORY arguments that are originally associated with pathnames without symlinks, and that can point to tables created at a future time at which a pathname is modified to contain a symlink to a subdirectory of the MySQL home data directory. NOTE: this vulnerability exists because of an incomplete fix for CVE-2008-4097. |
| Family: | unix | Class: | vulnerability |
| Status: | ACCEPTED | Reference(s): | CVE-2008-4098
|
| Platform(s): | CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 4
| Product(s): | |
| Definition Synopsis |
| RHEL4, CentOS4 or Oracle Linux 4 The operating system installed on the system is Red Hat Enterprise Linux 4
OR CentOS Linux 4.x
OR Oracle Linux 4.x
AND Configuration section
mysql is earlier than 0:4.1.22-2.el4_8.3
OR mysql-devel is earlier than 0:4.1.22-2.el4_8.3
OR mysql-bench is earlier than 0:4.1.22-2.el4_8.3
OR mysql-server is earlier than 0:4.1.22-2.el4_8.3
|