cve-2008-2079
Vulnerability from cvelistv5
Published
2008-05-05 16:00
Modified
2024-08-07 08:49
Severity ?
Summary
MySQL 4.1.x before 4.1.24, 5.0.x before 5.0.60, 5.1.x before 5.1.24, and 6.0.x before 6.0.5 allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified (1) DATA DIRECTORY or (2) INDEX DIRECTORY arguments that are within the MySQL home data directory, which can point to tables that are created in the future.
References
secalert@redhat.comhttp://bugs.mysql.com/bug.php?id=32167Exploit, Patch, Vendor Advisory
secalert@redhat.comhttp://dev.mysql.com/doc/refman/4.1/en/news-4-1-24.htmlVendor Advisory
secalert@redhat.comhttp://dev.mysql.com/doc/refman/5.0/en/releasenotes-es-5-0-60.htmlVendor Advisory
secalert@redhat.comhttp://dev.mysql.com/doc/refman/5.1/en/news-5-1-24.htmlVendor Advisory
secalert@redhat.comhttp://dev.mysql.com/doc/refman/6.0/en/news-6-0-5.htmlVendor Advisory
secalert@redhat.comhttp://lists.apple.com/archives/security-announce/2008/Oct/msg00001.htmlMailing List, Third Party Advisory
secalert@redhat.comhttp://lists.apple.com/archives/security-announce/2009/Sep/msg00004.htmlMailing List, Third Party Advisory
secalert@redhat.comhttp://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.htmlThird Party Advisory
secalert@redhat.comhttp://secunia.com/advisories/30134Third Party Advisory
secalert@redhat.comhttp://secunia.com/advisories/31066Third Party Advisory
secalert@redhat.comhttp://secunia.com/advisories/31226Third Party Advisory
secalert@redhat.comhttp://secunia.com/advisories/31687Third Party Advisory
secalert@redhat.comhttp://secunia.com/advisories/32222Third Party Advisory
secalert@redhat.comhttp://secunia.com/advisories/32769Third Party Advisory
secalert@redhat.comhttp://secunia.com/advisories/36566Third Party Advisory
secalert@redhat.comhttp://secunia.com/advisories/36701Third Party Advisory
secalert@redhat.comhttp://support.apple.com/kb/HT3216Third Party Advisory
secalert@redhat.comhttp://support.apple.com/kb/HT3865Third Party Advisory
secalert@redhat.comhttp://www.debian.org/security/2008/dsa-1608Third Party Advisory
secalert@redhat.comhttp://www.mandriva.com/security/advisories?name=MDVSA-2008:149Third Party Advisory
secalert@redhat.comhttp://www.mandriva.com/security/advisories?name=MDVSA-2008:150Third Party Advisory
secalert@redhat.comhttp://www.redhat.com/support/errata/RHSA-2008-0505.htmlThird Party Advisory
secalert@redhat.comhttp://www.redhat.com/support/errata/RHSA-2008-0510.htmlThird Party Advisory
secalert@redhat.comhttp://www.redhat.com/support/errata/RHSA-2008-0768.htmlThird Party Advisory
secalert@redhat.comhttp://www.redhat.com/support/errata/RHSA-2009-1289.htmlThird Party Advisory
secalert@redhat.comhttp://www.securityfocus.com/bid/29106Patch, Third Party Advisory, VDB Entry
secalert@redhat.comhttp://www.securityfocus.com/bid/31681Patch, Third Party Advisory, VDB Entry
secalert@redhat.comhttp://www.securitytracker.com/id?1019995Third Party Advisory, VDB Entry
secalert@redhat.comhttp://www.ubuntu.com/usn/USN-671-1Third Party Advisory
secalert@redhat.comhttp://www.vupen.com/english/advisories/2008/1472/referencesThird Party Advisory
secalert@redhat.comhttp://www.vupen.com/english/advisories/2008/2780Third Party Advisory
secalert@redhat.comhttps://exchange.xforce.ibmcloud.com/vulnerabilities/42267Third Party Advisory, VDB Entry
secalert@redhat.comhttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10133Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://bugs.mysql.com/bug.php?id=32167Exploit, Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://dev.mysql.com/doc/refman/4.1/en/news-4-1-24.htmlVendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://dev.mysql.com/doc/refman/5.0/en/releasenotes-es-5-0-60.htmlVendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://dev.mysql.com/doc/refman/5.1/en/news-5-1-24.htmlVendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://dev.mysql.com/doc/refman/6.0/en/news-6-0-5.htmlVendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.apple.com/archives/security-announce/2009/Sep/msg00004.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/30134Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/31066Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/31226Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/31687Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/32222Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/32769Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/36566Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/36701Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://support.apple.com/kb/HT3216Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://support.apple.com/kb/HT3865Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.debian.org/security/2008/dsa-1608Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.mandriva.com/security/advisories?name=MDVSA-2008:149Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.mandriva.com/security/advisories?name=MDVSA-2008:150Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.redhat.com/support/errata/RHSA-2008-0505.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.redhat.com/support/errata/RHSA-2008-0510.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.redhat.com/support/errata/RHSA-2008-0768.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.redhat.com/support/errata/RHSA-2009-1289.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/29106Patch, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/31681Patch, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id?1019995Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108http://www.ubuntu.com/usn/USN-671-1Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2008/1472/referencesThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2008/2780Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/42267Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10133Third Party Advisory
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T08:49:57.795Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://dev.mysql.com/doc/refman/5.0/en/releasenotes-es-5-0-60.html"
          },
          {
            "name": "SUSE-SR:2008:017",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html"
          },
          {
            "name": "USN-671-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-671-1"
          },
          {
            "name": "mysql-myisam-security-bypass(42267)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42267"
          },
          {
            "name": "1019995",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1019995"
          },
          {
            "name": "31681",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/31681"
          },
          {
            "name": "31687",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/31687"
          },
          {
            "name": "oval:org.mitre.oval:def:10133",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10133"
          },
          {
            "name": "31226",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/31226"
          },
          {
            "name": "RHSA-2009:1289",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2009-1289.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://dev.mysql.com/doc/refman/4.1/en/news-4-1-24.html"
          },
          {
            "name": "RHSA-2008:0768",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2008-0768.html"
          },
          {
            "name": "30134",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/30134"
          },
          {
            "name": "32769",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/32769"
          },
          {
            "name": "APPLE-SA-2009-09-10-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce/2009/Sep/msg00004.html"
          },
          {
            "name": "MDVSA-2008:149",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:149"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://dev.mysql.com/doc/refman/5.1/en/news-5-1-24.html"
          },
          {
            "name": "32222",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/32222"
          },
          {
            "name": "ADV-2008-1472",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2008/1472/references"
          },
          {
            "name": "31066",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/31066"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.apple.com/kb/HT3865"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://dev.mysql.com/doc/refman/6.0/en/news-6-0-5.html"
          },
          {
            "name": "36701",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/36701"
          },
          {
            "name": "RHSA-2008:0505",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2008-0505.html"
          },
          {
            "name": "ADV-2008-2780",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2008/2780"
          },
          {
            "name": "29106",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/29106"
          },
          {
            "name": "RHSA-2008:0510",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2008-0510.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://bugs.mysql.com/bug.php?id=32167"
          },
          {
            "name": "MDVSA-2008:150",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:150"
          },
          {
            "name": "DSA-1608",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2008/dsa-1608"
          },
          {
            "name": "36566",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/36566"
          },
          {
            "name": "APPLE-SA-2008-10-09",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.apple.com/kb/HT3216"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2008-03-15T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "MySQL 4.1.x before 4.1.24, 5.0.x before 5.0.60, 5.1.x before 5.1.24, and 6.0.x before 6.0.5 allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified (1) DATA DIRECTORY or (2) INDEX DIRECTORY arguments that are within the MySQL home data directory, which can point to tables that are created in the future."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-09-28T12:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://dev.mysql.com/doc/refman/5.0/en/releasenotes-es-5-0-60.html"
        },
        {
          "name": "SUSE-SR:2008:017",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html"
        },
        {
          "name": "USN-671-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-671-1"
        },
        {
          "name": "mysql-myisam-security-bypass(42267)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42267"
        },
        {
          "name": "1019995",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1019995"
        },
        {
          "name": "31681",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/31681"
        },
        {
          "name": "31687",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/31687"
        },
        {
          "name": "oval:org.mitre.oval:def:10133",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10133"
        },
        {
          "name": "31226",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/31226"
        },
        {
          "name": "RHSA-2009:1289",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2009-1289.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://dev.mysql.com/doc/refman/4.1/en/news-4-1-24.html"
        },
        {
          "name": "RHSA-2008:0768",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2008-0768.html"
        },
        {
          "name": "30134",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/30134"
        },
        {
          "name": "32769",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/32769"
        },
        {
          "name": "APPLE-SA-2009-09-10-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://lists.apple.com/archives/security-announce/2009/Sep/msg00004.html"
        },
        {
          "name": "MDVSA-2008:149",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:149"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://dev.mysql.com/doc/refman/5.1/en/news-5-1-24.html"
        },
        {
          "name": "32222",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/32222"
        },
        {
          "name": "ADV-2008-1472",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2008/1472/references"
        },
        {
          "name": "31066",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/31066"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.apple.com/kb/HT3865"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://dev.mysql.com/doc/refman/6.0/en/news-6-0-5.html"
        },
        {
          "name": "36701",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/36701"
        },
        {
          "name": "RHSA-2008:0505",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2008-0505.html"
        },
        {
          "name": "ADV-2008-2780",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2008/2780"
        },
        {
          "name": "29106",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/29106"
        },
        {
          "name": "RHSA-2008:0510",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2008-0510.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://bugs.mysql.com/bug.php?id=32167"
        },
        {
          "name": "MDVSA-2008:150",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:150"
        },
        {
          "name": "DSA-1608",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2008/dsa-1608"
        },
        {
          "name": "36566",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/36566"
        },
        {
          "name": "APPLE-SA-2008-10-09",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.apple.com/kb/HT3216"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2008-2079",
    "datePublished": "2008-05-05T16:00:00",
    "dateReserved": "2008-05-05T00:00:00",
    "dateUpdated": "2024-08-07T08:49:57.795Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2008-2079\",\"sourceIdentifier\":\"secalert@redhat.com\",\"published\":\"2008-05-05T16:20:00.000\",\"lastModified\":\"2024-11-21T00:46:02.103\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"MySQL 4.1.x before 4.1.24, 5.0.x before 5.0.60, 5.1.x before 5.1.24, and 6.0.x before 6.0.5 allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified (1) DATA DIRECTORY or (2) INDEX DIRECTORY arguments that are within the MySQL home data directory, which can point to tables that are created in the future.\"},{\"lang\":\"es\",\"value\":\"MySQL 4.1.x anterior a 4.1.24, 5.0.x antes de 5.0.60, 5.1.x anterior a 5.1.24 y 6.0.x antes de 6.0.5 permite a usuarios locales evitar ciertas comprobaciones de privilegios llamando a CREATE TABLE en una tabla MyISAM con argumentos (1) DATA DIRECTORY or (2) INDEX DIRECTORY modificados que est\u00e1n dentro del directorio MySQL home data, que puede apuntar a tablas que se crear\u00e1n en el futuro.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:H/Au:S/C:P/I:P/A:P\",\"baseScore\":4.6,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"HIGH\",\"authentication\":\"SINGLE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":3.9,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":true,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-264\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mysql:mysql:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"4.1.0\",\"versionEndExcluding\":\"4.1.24\",\"matchCriteriaId\":\"56C895D3-2949-4B14-B059-F0E29D977982\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mysql:mysql:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.0.0\",\"versionEndExcluding\":\"5.0.60\",\"matchCriteriaId\":\"027481EF-83CF-40AF-8223-572B7915845F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mysql:mysql:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.1.0\",\"versionEndExcluding\":\"5.1.24\",\"matchCriteriaId\":\"7F5416CD-0CEB-4C41-AE28-2A9C2B5600A7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.0.0\",\"versionEndExcluding\":\"6.0.5\",\"matchCriteriaId\":\"CA6A87CA-DA11-4B91-A3E9-6437042BDC1A\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0F92AB32-E7DE-43F4-B877-1F41FA162EC7\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:lts:*:*:*\",\"matchCriteriaId\":\"5C18C3CD-969B-4AA3-AE3A-BA4A188F8BFF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:7.10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"823BF8BE-2309-4F67-A5E2-EAD98F723468\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:lts:*:*:*\",\"matchCriteriaId\":\"C91D2DBF-6DA7-4BA2-9F29-8BD2725A4701\"}]}]}],\"references\":[{\"url\":\"http://bugs.mysql.com/bug.php?id=32167\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Exploit\",\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://dev.mysql.com/doc/refman/4.1/en/news-4-1-24.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://dev.mysql.com/doc/refman/5.0/en/releasenotes-es-5-0-60.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://dev.mysql.com/doc/refman/5.1/en/news-5-1-24.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://dev.mysql.com/doc/refman/6.0/en/news-6-0-5.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://lists.apple.com/archives/security-announce/2009/Sep/msg00004.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://secunia.com/advisories/30134\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://secunia.com/advisories/31066\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://secunia.com/advisories/31226\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://secunia.com/advisories/31687\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://secunia.com/advisories/32222\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://secunia.com/advisories/32769\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://secunia.com/advisories/36566\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://secunia.com/advisories/36701\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://support.apple.com/kb/HT3216\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://support.apple.com/kb/HT3865\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.debian.org/security/2008/dsa-1608\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.mandriva.com/security/advisories?name=MDVSA-2008:149\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.mandriva.com/security/advisories?name=MDVSA-2008:150\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2008-0505.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2008-0510.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2008-0768.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2009-1289.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/29106\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Patch\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securityfocus.com/bid/31681\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Patch\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id?1019995\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.ubuntu.com/usn/USN-671-1\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.vupen.com/english/advisories/2008/1472/references\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.vupen.com/english/advisories/2008/2780\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/42267\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10133\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://bugs.mysql.com/bug.php?id=32167\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://dev.mysql.com/doc/refman/4.1/en/news-4-1-24.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://dev.mysql.com/doc/refman/5.0/en/releasenotes-es-5-0-60.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://dev.mysql.com/doc/refman/5.1/en/news-5-1-24.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://dev.mysql.com/doc/refman/6.0/en/news-6-0-5.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://lists.apple.com/archives/security-announce/2009/Sep/msg00004.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://secunia.com/advisories/30134\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://secunia.com/advisories/31066\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://secunia.com/advisories/31226\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://secunia.com/advisories/31687\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://secunia.com/advisories/32222\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://secunia.com/advisories/32769\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://secunia.com/advisories/36566\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://secunia.com/advisories/36701\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://support.apple.com/kb/HT3216\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://support.apple.com/kb/HT3865\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.debian.org/security/2008/dsa-1608\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.mandriva.com/security/advisories?name=MDVSA-2008:149\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.mandriva.com/security/advisories?name=MDVSA-2008:150\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2008-0505.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2008-0510.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2008-0768.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2009-1289.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/29106\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securityfocus.com/bid/31681\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id?1019995\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.ubuntu.com/usn/USN-671-1\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.vupen.com/english/advisories/2008/1472/references\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.vupen.com/english/advisories/2008/2780\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/42267\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10133\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]}],\"evaluatorComment\":\"Per http://www.securityfocus.com/bid/29106 and http://secunia.com/advisories/32222, this vulnerability is remotely exploitable.\",\"vendorComments\":[{\"organization\":\"Red Hat\",\"comment\":\"This issue did not affect MySQL as supplied with Red Hat Enterprise Linux 3.\\n\\nThis issue was addressed for Red Hat Enterprise Linux 4, 5, and Red Hat Application Stack v1, v2:\\nhttps://rhn.redhat.com/cve/CVE-2008-2079.html\\n\",\"lastModified\":\"2009-09-02T00:00:00\"}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading…

Loading…

Loading…

Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.