Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2008-2079

MySQL 4.1.x before 4.1.24, 5.0.x before 5.0.60, 5.1.x before 5.1.24, and 6.0.x before 6.0.5 allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified (1) DATA DIRECTORY or (2) INDEX DIRECTORY arguments that are within the MySQL home data directory, which can point to tables that are created in the future.

Published

2008-05-05T16:20:00.000

Last Modified

2025-04-09T00:30:58.490

Status

Deferred

Source

[email protected]

Severity

CVSSv2: 4.6 (MEDIUM)

CVSSv2 Vector

AV:N/AC:H/Au:S/C:P/I:P/A:P

Access Vector: NETWORK
Access Complexity: HIGH
Authentication: SINGLE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL

Exploitability Score

3.9

Impact Score

6.4

Weaknesses

Type: Primary
CWE-264

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	mysql	mysql	< 4.1.24	Yes
Application	mysql	mysql	< 5.0.60	Yes
Application	mysql	mysql	< 5.1.24	Yes
Application	oracle	mysql	< 6.0.5	Yes
Operating System	debian	debian_linux	4.0	Yes
Operating System	canonical	ubuntu_linux	6.06	Yes
Operating System	canonical	ubuntu_linux	7.10	Yes
Operating System	canonical	ubuntu_linux	8.04	Yes

References

http://bugs.mysql.com/bug.php?id=32167 Exploit, Patch, Vendor Advisory ([email protected])
http://dev.mysql.com/doc/refman/4.1/en/news-4-1-24.html Vendor Advisory ([email protected])
http://dev.mysql.com/doc/refman/5.0/en/releasenotes-es-5-0-60.html Vendor Advisory ([email protected])
http://dev.mysql.com/doc/refman/5.1/en/news-5-1-24.html Vendor Advisory ([email protected])
http://dev.mysql.com/doc/refman/6.0/en/news-6-0-5.html Vendor Advisory ([email protected])
http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html Mailing List, Third Party Advisory ([email protected])
http://lists.apple.com/archives/security-announce/2009/Sep/msg00004.html Mailing List, Third Party Advisory ([email protected])
http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html Third Party Advisory ([email protected])
http://secunia.com/advisories/30134 Third Party Advisory ([email protected])
http://secunia.com/advisories/31066 Third Party Advisory ([email protected])
http://secunia.com/advisories/31226 Third Party Advisory ([email protected])
http://secunia.com/advisories/31687 Third Party Advisory ([email protected])
http://secunia.com/advisories/32222 Third Party Advisory ([email protected])
http://secunia.com/advisories/32769 Third Party Advisory ([email protected])
http://secunia.com/advisories/36566 Third Party Advisory ([email protected])
http://secunia.com/advisories/36701 Third Party Advisory ([email protected])
http://support.apple.com/kb/HT3216 Third Party Advisory ([email protected])
http://support.apple.com/kb/HT3865 Third Party Advisory ([email protected])
http://www.debian.org/security/2008/dsa-1608 Third Party Advisory ([email protected])
http://www.mandriva.com/security/advisories?name=MDVSA-2008:149 Third Party Advisory ([email protected])
http://www.mandriva.com/security/advisories?name=MDVSA-2008:150 Third Party Advisory ([email protected])
http://www.redhat.com/support/errata/RHSA-2008-0505.html Third Party Advisory ([email protected])
http://www.redhat.com/support/errata/RHSA-2008-0510.html Third Party Advisory ([email protected])
http://www.redhat.com/support/errata/RHSA-2008-0768.html Third Party Advisory ([email protected])
http://www.redhat.com/support/errata/RHSA-2009-1289.html Third Party Advisory ([email protected])
http://www.securityfocus.com/bid/29106 Patch, Third Party Advisory, VDB Entry ([email protected])
http://www.securityfocus.com/bid/31681 Patch, Third Party Advisory, VDB Entry ([email protected])
http://www.securitytracker.com/id?1019995 Third Party Advisory, VDB Entry ([email protected])
http://www.ubuntu.com/usn/USN-671-1 Third Party Advisory ([email protected])
http://www.vupen.com/english/advisories/2008/1472/references Third Party Advisory ([email protected])
http://www.vupen.com/english/advisories/2008/2780 Third Party Advisory ([email protected])
https://exchange.xforce.ibmcloud.com/vulnerabilities/42267 Third Party Advisory, VDB Entry ([email protected])
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10133 Third Party Advisory ([email protected])
http://bugs.mysql.com/bug.php?id=32167 Exploit, Patch, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://dev.mysql.com/doc/refman/4.1/en/news-4-1-24.html Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://dev.mysql.com/doc/refman/5.0/en/releasenotes-es-5-0-60.html Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://dev.mysql.com/doc/refman/5.1/en/news-5-1-24.html Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://dev.mysql.com/doc/refman/6.0/en/news-6-0-5.html Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://lists.apple.com/archives/security-announce/2009/Sep/msg00004.html Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/30134 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/31066 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/31226 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/31687 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/32222 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/32769 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/36566 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/36701 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://support.apple.com/kb/HT3216 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://support.apple.com/kb/HT3865 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.debian.org/security/2008/dsa-1608 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.mandriva.com/security/advisories?name=MDVSA-2008:149 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.mandriva.com/security/advisories?name=MDVSA-2008:150 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.redhat.com/support/errata/RHSA-2008-0505.html Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.redhat.com/support/errata/RHSA-2008-0510.html Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.redhat.com/support/errata/RHSA-2008-0768.html Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.redhat.com/support/errata/RHSA-2009-1289.html Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/29106 Patch, Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/31681 Patch, Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
http://www.securitytracker.com/id?1019995 Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
http://www.ubuntu.com/usn/USN-671-1 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.vupen.com/english/advisories/2008/1472/references Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.vupen.com/english/advisories/2008/2780 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://exchange.xforce.ibmcloud.com/vulnerabilities/42267 Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10133 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)