Vulnerability Name:

CVE-2008-4098 (CCN-45649)

Assigned:2008-07-03
Published:2008-07-03
Updated:2019-12-17
Summary:MySQL before 5.0.67 allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified (1) DATA DIRECTORY or (2) INDEX DIRECTORY arguments that are originally associated with pathnames without symlinks, and that can point to tables created at a future time at which a pathname is modified to contain a symlink to a subdirectory of the MySQL home data directory.
Note: this vulnerability exists because of an incomplete fix for CVE-2008-4097.
CVSS v3 Severity:5.9 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
Exploitability Metrics:Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): Low
Integrity (I): Low
Availibility (A): Low
CVSS v2 Severity:4.6 Medium (CVSS v2 Vector: AV:N/AC:H/Au:S/C:P/I:P/A:P)
3.4 Low (Temporal CVSS v2 Vector: AV:N/AC:H/Au:S/C:P/I:P/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): High
Authentication (Au): Single_Instance
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
4.4 Medium (CCN CVSS v2 Vector: AV:L/AC:M/Au:N/C:P/I:P/A:P)
3.2 Low (CCN Temporal CVSS v2 Vector: AV:L/AC:M/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Medium
Athentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
3.2 Low (REDHAT CVSS v2 Vector: AV:L/AC:L/Au:S/C:P/I:P/A:N)
2.4 Low (REDHAT Temporal CVSS v2 Vector: AV:L/AC:L/Au:S/C:P/I:P/A:N/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Low
Authentication (Au): Single_Instance
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): None
Vulnerability Type:CWE-59
Vulnerability Consequences:Bypass Security
References:Source: CCN
Type: Debian Bug report logs - #480292
Re: CVE-2008-2079: mysql allows local users to bypass certain privilege checks

Source: MISC
Type: Issue Tracking, Third Party Advisory
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=480292#25

Source: CONFIRM
Type: Issue Tracking, Patch, Vendor Advisory
http://bugs.mysql.com/bug.php?id=32167

Source: MITRE
Type: CNA
CVE-2008-4098

Source: CCN
Type: MySQL Web site
MySQL Downloads

Source: SUSE
Type: Third Party Advisory
SUSE-SR:2008:025

Source: CCN
Type: RHSA-2009-1067
Moderate: Red Hat Application Stack v2.3 security and enhancement update

Source: CCN
Type: RHSA-2010-0110
Moderate: mysql security update

Source: SECUNIA
Type: Not Applicable
32578

Source: SECUNIA
Type: Not Applicable
32759

Source: SECUNIA
Type: Not Applicable
32769

Source: SECUNIA
Type: Not Applicable
38517

Source: CCN
Type: ASA-2009-199
Red Hat Application Stack v2.3 security and enhancement update (RHSA-2009-1067)

Source: UBUNTU
Type: Third Party Advisory
USN-897-1

Source: DEBIAN
Type: Third Party Advisory
DSA-1662

Source: DEBIAN
Type: DSA-1662
mysql-dfsg-5.0 -- authorization bypass

Source: MANDRIVA
Type: Broken Link
MDVSA-2009:094

Source: CCN
Type: oss-security Mailing List, Tue, 9 Sep 2008 22:23:45 +0200
Re: CVE request: MySQL incomplete fix for CVE-2008-2079

Source: MLIST
Type: Mailing List, Third Party Advisory
[oss-security] 20080909 Re: CVE request: MySQL incomplete fix for CVE-2008-2079

Source: CCN
Type: oss-security Mailing List, Mon, 15 Sep 2008 20:53:40 -0400 (EDT)
Re: CVE request: MySQL incomplete fix for CVE-2008-2079

Source: MLIST
Type: Mailing List, Third Party Advisory
[oss-security] 20080916 Re: CVE request: MySQL incomplete fix for CVE-2008-2079

Source: CCN
Type: OSVDB ID: 60665
MySQL CREATE TABLE MyISAM Table mysql_unpacked_real_data_home Local Restriction Bypass

Source: CCN
Type: OSVDB ID: 64843
MySQL DROP TABLE Command Symlink MyISAM Table Local Data Deletion

Source: REDHAT
Type: Third Party Advisory
RHSA-2009:1067

Source: REDHAT
Type: Third Party Advisory
RHSA-2010:0110

Source: UBUNTU
Type: UNKNOWN
USN-1397-1

Source: CCN
Type: USN-671-1
MySQL vulnerabilities

Source: UBUNTU
Type: Third Party Advisory
USN-671-1

Source: CCN
Type: USN-897-1
MySQL vulnerabilities

Source: XF
Type: UNKNOWN
mysql-myisam-symlink-security-bypass(45649)

Source: XF
Type: UNKNOWN
mysql-myisam-symlink-security-bypass(45649)

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:10591

Source: SUSE
Type: SUSE-SR:2008:025
SUSE Security Summary Report

Source: SUSE
Type: SUSE-SR:2009:001
SUSE Security Summary Report

Vulnerable Configuration:Configuration 1:
  • cpe:/o:canonical:ubuntu_linux:6.06:*:*:*:lts:*:*:*
  • OR cpe:/o:canonical:ubuntu_linux:7.10:*:*:*:*:*:*:*
  • OR cpe:/o:canonical:ubuntu_linux:8.04:*:*:*:lts:*:*:*
  • OR cpe:/o:canonical:ubuntu_linux:8.10:*:*:*:*:*:*:*
  • OR cpe:/o:canonical:ubuntu_linux:9.04:*:*:*:*:*:*:*
  • OR cpe:/o:canonical:ubuntu_linux:9.10:*:*:*:*:*:*:*

    • Configuration 2:
  • cpe:/o:debian:debian_linux:5.0:*:*:*:*:*:*:*

    • Configuration 3:
  • cpe:/a:oracle:mysql:5.0.0:-:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:5.0.1:-:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:5.0.2:-:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:5.0.3:-:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:5.0.4:-:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:5.0.5:-:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:5.0.10:-:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:5.0.15:-:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:5.0.16:-:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:5.0.17:-:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:5.0.20:-:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:5.0.24:-:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:5.0.30:-:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:5.0.36:-:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:5.0.44:-:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:5.0.54:-:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:5.0.56:-:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:5.0.60:-:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:5.0.66:-:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:5.0.23:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:5.0.25:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:5.0.26:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:5.0.28:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:5.0.30:sp1:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:5.0.32:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:5.0.34:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:5.0.36:sp1:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:5.0.38:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:5.0.40:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:5.0.41:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:5.0.42:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:5.0.44:sp1:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:5.0.45:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:5.0.46:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:5.0.48:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:5.0.50:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:5.0.50:sp1:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:5.0.51:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:5.0.52:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:5.0.56:sp1:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:5.0.58:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:5.0.60:sp1:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:5.0.62:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:5.0.64:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:5.0.66:sp1:*:*:*:*:*:*

    • Configuration RedHat 1:
  • cpe:/o:redhat:enterprise_linux:4:*:*:*:*:*:*:*

    • Configuration RedHat 2:
  • cpe:/o:redhat:enterprise_linux:4::as:*:*:*:*:*

    • Configuration RedHat 3:
  • cpe:/o:redhat:enterprise_linux:4::desktop:*:*:*:*:*

    • Configuration RedHat 4:
  • cpe:/o:redhat:enterprise_linux:4::es:*:*:*:*:*

    • Configuration RedHat 5:
  • cpe:/o:redhat:enterprise_linux:4::ws:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/a:oracle:mysql:3.23.8:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:3.22.29:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:3.22.27:*:*:*:*:*:*:*
  • OR cpe:/a:mysql:mysql:*:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:3.23.49:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:3.23.54:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:5.0.0:-:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:3.23:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:4.0.18:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:4.0.20:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:4.0.17:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:4.0.23:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:4.0.25:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:4.1.13:-:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:5.0.18:*:*:*:*:*:*:*
  • OR cpe:/a:mysql:mysql:5.0.5.0.21:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:5.0.44:-:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:3.20:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:3.20.32a:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:3.21:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:3.22:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:3.22.26:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:3.22.28:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:3.22.30:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:3.22.32:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:3.23.0:alpha:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:3.23.1:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:3.23.10:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:3.23.11:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:3.23.12:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:3.23.13:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:3.23.14:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:3.23.15:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:3.23.16:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:3.23.17:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:3.23.18:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:3.23.19:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:3.23.2:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:3.23.20:beta:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:3.23.21:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:3.23.22:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:3.23.23:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:3.23.24:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:3.23.25:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:3.23.26:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:3.23.27:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:3.23.28:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:3.23.28:gamma:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:3.23.29:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:3.23.3:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:3.23.30:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:3.23.31:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:3.23.32:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:3.23.33:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:3.23.34:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:3.23.35:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:3.23.36:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:3.23.37:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:3.23.38:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:3.23.39:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:3.23.4:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:3.23.40:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:3.23.41:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:3.23.42:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:3.23.43:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:3.23.44:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:3.23.45:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:3.23.46:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:3.23.47:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:3.23.48:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:3.23.5:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:3.23.50:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:3.23.51:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:3.23.52:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:3.23.53:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:3.23.53a:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:3.23.54a:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:3.23.55:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:3.23.56:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:3.23.57:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:3.23.58:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:3.23.59:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:3.23.6:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:3.23.7:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:3.23.9:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:4.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:4.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:4.0.10:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:4.0.11:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:4.0.11:gamma:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:4.0.12:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:4.0.13:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:4.0.14:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:4.0.15:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:4.0.16:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:4.0.19:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:4.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:4.0.21:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:4.0.24:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:4.0.26:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:4.0.27:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:4.0.3:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:4.0.4:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:4.0.5:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:4.0.5a:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:4.0.6:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:4.0.7:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:4.0.7:gamma:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:4.0.8:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:4.0.8:gamma:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:4.0.9:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:4.0.9:gamma:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:4.1.0:-:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:4.1.0:-:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:4.1.0:-:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:4.1.0:alpha:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:4.1.1:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:4.1.10:-:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:4.1.10:a:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:4.1.11:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:4.1.12:-:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:4.1.12:a:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:4.1.13:a:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:4.1.14:-:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:4.1.14:a:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:4.1.15:-:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:4.1.15:a:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:4.1.16:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:4.1.17:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:4.1.18:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:4.1.19:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:4.1.2:-:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:4.1.2:alpha:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:4.1.20:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:4.1.21:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:4.1.22:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:4.1.3:-:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:4.1.3:beta:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:4.1.4:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:4.1.5:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:4.1.6:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:4.1.7:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:4.1.8:-:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:4.1.8:a:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:4.1.9:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:5.0.0:-:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:5.0.0:-:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:5.0.0:alpha:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:5.0.1:-:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:5.0.10:-:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:5.0.10:a:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:5.0.11:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:5.0.12:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:5.0.13:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:5.0.14:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:5.0.15:-:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:5.0.15:a:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:5.0.16:-:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:5.0.16:a:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:5.0.17:-:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:5.0.17:a:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:5.0.19:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:5.0.1:a:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:5.0.2:-:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:5.0.20:-:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:5.0.20:a:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:5.0.21:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:5.0.22:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:5.0.24:-:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:5.0.27:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:5.0.3:-:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:5.0.3:beta:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:5.0.33:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:5.0.37:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:5.0.3:a:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:5.0.4:-:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:5.0.41:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:5.0.4:a:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:5.0.5:-:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:5.0.6:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:5.0.7:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:5.0.8:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:5.0.9:*:*:*:*:*:*:*
  • OR cpe:/a:mysql:mysql:5.0.22.1.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:5.0.51a:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:5.0.30:sp1:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:5.0.50:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:5.0.45:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:5.0.30:-:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:5.0.42:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:5.0.23:*:*:*:*:*:*:*
  • OR cpe:/a:mysql:mysql:4.1.23:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:5.0.38:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:5.0.36:-:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:5.0.32:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:5.0.25:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:5.0.24:a:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:5.0.51:b:*:*:*:*:*:*
  • AND
  • cpe:/o:redhat:enterprise_linux:4::as:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4::desktop:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4::es:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4::ws:*:*:*:*:*
  • OR cpe:/o:canonical:ubuntu:6.06:*:lts:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:4.0:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:4.0:*:x86_64:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:2008.0:*:x86-64:*:*:*:*:*
  • OR cpe:/o:debian:debian_linux:4.0:*:*:*:*:*:*:*
  • OR cpe:/o:canonical:ubuntu:7.10:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:2008.0:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:2008.1:x86_64:*:*:*:*:*:*
  • OR cpe:/a:redhat:rhel_application_stack:2:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:2008.1:*:*:*:*:*:*:*
  • OR cpe:/o:canonical:ubuntu:8.04:*:lts:*:*:*:*:*
  • OR cpe:/o:mandriva:linux:2009.0:*:*:*:*:*:*:*
  • OR cpe:/o:mandriva:linux:2009.0:-:x86_64:*:*:*:*:*
  • OR cpe:/o:mandriva:linux:2009.1:*:*:*:*:*:*:*
  • OR cpe:/o:mandriva:linux:2009.1:*:*:*:x86_64:*:*:*
  • OR cpe:/o:mandriva:enterprise_server:5:*:*:*:*:*:*:*
  • OR cpe:/o:mandriva:enterprise_server:5:*:*:*:x86_64:*:*:*
  • OR cpe:/o:mandriva:linux:2010:*:*:*:x86_64:*:*:*
  • OR cpe:/o:mandriva:linux:2010:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.opensuse.security:def:20084098
    V
    		CVE-2008-4098
    2017-09-27
    oval:org.mitre.oval:def:13088
    P
    		USN-897-1 -- mysql-dfsg-5.0, mysql-dfsg-5.1 vulnerabilities
    2014-06-30
    oval:org.mitre.oval:def:14934
    P
    		USN-1397-1 -- MySQL vulnerabilities
    2014-06-30
    oval:org.mitre.oval:def:16963
    P
    		USN-671-1 -- mysql-dfsg-5.0 vulnerabilities
    2014-06-30
    oval:org.mitre.oval:def:18440
    P
    		DSA-1662-1 mysql-dfsg-5.0 - authorisation bypass
    2014-06-23
    oval:org.mitre.oval:def:7628
    P
    		DSA-1662 mysql-dfsg-5.0 -- authorisation bypass
    2014-06-23
    oval:org.mitre.oval:def:10591
    V
    		MySQL before 5.0.67 allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified (1) DATA DIRECTORY or (2) INDEX DIRECTORY arguments that are originally associated with pathnames without symlinks, and that can point to tables created at a future time at which a pathname is modified to contain a symlink to a subdirectory of the MySQL home data directory. NOTE: this vulnerability exists because of an incomplete fix for CVE-2008-4097.
    2013-04-29
    oval:com.redhat.rhsa:def:20100110
    P
    		RHSA-2010:0110: mysql security update (Moderate)
    2010-02-16
    oval:org.debian:def:1662
    V
    		authorization bypass
    2008-11-06
    BACK
    canonical ubuntu linux 6.06
    canonical ubuntu linux 7.10
    canonical ubuntu linux 8.04
    canonical ubuntu linux 8.10
    canonical ubuntu linux 9.04
    canonical ubuntu linux 9.10
    debian debian linux 5.0
    mysql mysql 5.0.0
    mysql mysql 5.0.1
    mysql mysql 5.0.2
    mysql mysql 5.0.3
    mysql mysql 5.0.4
    mysql mysql 5.0.5
    mysql mysql 5.0.10
    mysql mysql 5.0.15
    mysql mysql 5.0.16
    mysql mysql 5.0.17
    mysql mysql 5.0.20
    mysql mysql 5.0.24
    mysql mysql 5.0.30
    mysql mysql 5.0.36
    mysql mysql 5.0.44
    mysql mysql 5.0.54
    mysql mysql 5.0.56
    mysql mysql 5.0.60
    mysql mysql 5.0.66
    oracle mysql 5.0.23
    oracle mysql 5.0.25
    oracle mysql 5.0.26
    oracle mysql 5.0.28
    oracle mysql 5.0.30 sp1
    oracle mysql 5.0.32
    oracle mysql 5.0.34
    oracle mysql 5.0.36 sp1
    oracle mysql 5.0.38
    oracle mysql 5.0.40
    oracle mysql 5.0.41
    oracle mysql 5.0.42
    oracle mysql 5.0.44 sp1
    oracle mysql 5.0.45
    oracle mysql 5.0.46
    oracle mysql 5.0.48
    oracle mysql 5.0.50
    oracle mysql 5.0.50 sp1
    oracle mysql 5.0.51
    oracle mysql 5.0.52
    oracle mysql 5.0.56 sp1
    oracle mysql 5.0.58
    oracle mysql 5.0.60 sp1
    oracle mysql 5.0.62
    oracle mysql 5.0.64
    oracle mysql 5.0.66 sp1
    mysql mysql 3.23.8
    mysql mysql 3.22.29
    mysql mysql 3.22.27
    mysql mysql *
    mysql mysql 3.23.49
    mysql mysql 3.23.54
    mysql mysql 5.0
    mysql mysql 3.23
    mysql mysql 4.0.18
    mysql mysql 4.0.20
    mysql mysql 4.0.17
    mysql mysql 4.0.23
    mysql mysql 4.0.25
    mysql mysql 4.1.13
    mysql mysql 5.0.18
    mysql mysql 5.0.5.0.21
    mysql mysql 5.0.44
    mysql mysql 3.20
    mysql mysql 3.20.32a
    mysql mysql 3.21
    mysql mysql 3.22
    mysql mysql 3.22.26
    mysql mysql 3.22.28
    mysql mysql 3.22.30
    mysql mysql 3.22.32
    mysql mysql 3.23.0 alpha
    mysql mysql 3.23.1
    mysql mysql 3.23.10
    mysql mysql 3.23.11
    mysql mysql 3.23.12
    mysql mysql 3.23.13
    mysql mysql 3.23.14
    mysql mysql 3.23.15
    mysql mysql 3.23.16
    mysql mysql 3.23.17
    mysql mysql 3.23.18
    mysql mysql 3.23.19
    mysql mysql 3.23.2
    mysql mysql 3.23.20 beta
    mysql mysql 3.23.21
    mysql mysql 3.23.22
    mysql mysql 3.23.23
    mysql mysql 3.23.24
    mysql mysql 3.23.25
    mysql mysql 3.23.26
    mysql mysql 3.23.27
    mysql mysql 3.23.28
    mysql mysql 3.23.28 gamma
    mysql mysql 3.23.29
    mysql mysql 3.23.3
    mysql mysql 3.23.30
    mysql mysql 3.23.31
    mysql mysql 3.23.32
    mysql mysql 3.23.33
    mysql mysql 3.23.34
    mysql mysql 3.23.35
    mysql mysql 3.23.36
    mysql mysql 3.23.37
    mysql mysql 3.23.38
    mysql mysql 3.23.39
    mysql mysql 3.23.4
    mysql mysql 3.23.40
    mysql mysql 3.23.41
    mysql mysql 3.23.42
    mysql mysql 3.23.43
    mysql mysql 3.23.44
    mysql mysql 3.23.45
    mysql mysql 3.23.46
    mysql mysql 3.23.47
    mysql mysql 3.23.48
    mysql mysql 3.23.5
    mysql mysql 3.23.50
    mysql mysql 3.23.51
    mysql mysql 3.23.52
    mysql mysql 3.23.53
    mysql mysql 3.23.53a
    mysql mysql 3.23.54a
    mysql mysql 3.23.55
    mysql mysql 3.23.56
    mysql mysql 3.23.57
    mysql mysql 3.23.58
    mysql mysql 3.23.59
    mysql mysql 3.23.6
    mysql mysql 3.23.7
    mysql mysql 3.23.9
    mysql mysql 4.0.0
    mysql mysql 4.0.1
    mysql mysql 4.0.10
    mysql mysql 4.0.11
    mysql mysql 4.0.11 gamma
    mysql mysql 4.0.12
    mysql mysql 4.0.13
    mysql mysql 4.0.14
    mysql mysql 4.0.15
    mysql mysql 4.0.16
    mysql mysql 4.0.19
    mysql mysql 4.0.2
    mysql mysql 4.0.21
    mysql mysql 4.0.24
    mysql mysql 4.0.26
    mysql mysql 4.0.27
    mysql mysql 4.0.3
    mysql mysql 4.0.4
    mysql mysql 4.0.5
    mysql mysql 4.0.5a
    mysql mysql 4.0.6
    mysql mysql 4.0.7
    mysql mysql 4.0.7 gamma
    mysql mysql 4.0.8
    mysql mysql 4.0.8 gamma
    mysql mysql 4.0.9
    mysql mysql 4.0.9 gamma
    mysql mysql 4.1
    mysql mysql 4.1.0
    mysql mysql 4.1.0.0
    mysql mysql 4.1.0 alpha
    mysql mysql 4.1.1
    mysql mysql 4.1.10
    mysql mysql 4.1.10a
    mysql mysql 4.1.11
    mysql mysql 4.1.12
    mysql mysql 4.1.12a
    mysql mysql 4.1.13a
    mysql mysql 4.1.14
    mysql mysql 4.1.14a
    mysql mysql 4.1.15
    mysql mysql 4.1.15a
    mysql mysql 4.1.16
    mysql mysql 4.1.17
    mysql mysql 4.1.18
    mysql mysql 4.1.19
    mysql mysql 4.1.2
    mysql mysql 4.1.2 alpha
    mysql mysql 4.1.20
    mysql mysql 4.1.21
    mysql mysql 4.1.22
    mysql mysql 4.1.3
    mysql mysql 4.1.3 beta
    mysql mysql 4.1.4
    mysql mysql 4.1.5
    mysql mysql 4.1.6
    mysql mysql 4.1.7
    mysql mysql 4.1.8
    mysql mysql 4.1.8a
    mysql mysql 4.1.9
    mysql mysql 5.0.0
    mysql mysql 5.0.0.0
    mysql mysql 5.0.0 alpha
    mysql mysql 5.0.1
    mysql mysql 5.0.10
    mysql mysql 5.0.10a
    mysql mysql 5.0.11
    mysql mysql 5.0.12
    mysql mysql 5.0.13
    mysql mysql 5.0.14
    mysql mysql 5.0.15
    mysql mysql 5.0.15a
    mysql mysql 5.0.16
    mysql mysql 5.0.16a
    mysql mysql 5.0.17
    mysql mysql 5.0.17a
    mysql mysql 5.0.19
    mysql mysql 5.0.1a
    mysql mysql 5.0.2
    mysql mysql 5.0.20
    mysql mysql 5.0.20a
    mysql mysql 5.0.21
    mysql mysql 5.0.22
    mysql mysql 5.0.24
    mysql mysql 5.0.27
    mysql mysql 5.0.3
    mysql mysql 5.0.3 beta
    mysql mysql 5.0.33
    mysql mysql 5.0.37
    mysql mysql 5.0.3a
    mysql mysql 5.0.4
    mysql mysql 5.0.41
    mysql mysql 5.0.4a
    mysql mysql 5.0.5
    mysql mysql 5.0.6
    mysql mysql 5.0.7
    mysql mysql 5.0.8
    mysql mysql 5.0.9
    mysql mysql 5.0.22.1.0.1
    mysql mysql 5.0.51a
    mysql mysql 5.0.30 sp1
    mysql mysql 5.0.50
    mysql mysql 5.0.45
    mysql mysql 5.0.30
    mysql mysql 5.0.42
    mysql mysql 5.0.23
    mysql mysql 4.1.23
    mysql mysql 5.0.38
    mysql mysql 5.0.36
    mysql mysql 5.0.32
    mysql mysql 5.0.25
    mysql mysql 5.0.24a
    mysql mysql 5.0.51b
    redhat enterprise linux 4
    redhat enterprise linux 4
    redhat enterprise linux 4
    redhat enterprise linux 4
    canonical ubuntu 6.06
    mandrakesoft mandrake linux corporate server 4.0
    mandrakesoft mandrake linux corporate server 4.0
    mandrakesoft mandrake linux 2008.0
    debian debian linux 4.0
    canonical ubuntu 7.10
    mandrakesoft mandrake linux 2008.0
    mandrakesoft mandrake linux 2008.1 x86_64
    redhat rhel application stack 2
    mandrakesoft mandrake linux 2008.1
    canonical ubuntu 8.04
    mandriva linux 2009.0
    mandriva linux 2009.0 -
    mandriva linux 2009.1
    mandriva linux 2009.1
    mandriva enterprise server 5
    mandriva enterprise server 5
    mandriva linux 2010
    mandriva linux 2010