CVE - CVE-2008-2079

CVE-ID
CVE-2008-2079	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
MySQL 4.1.x before 4.1.24, 5.0.x before 5.0.60, 5.1.x before 5.1.24, and 6.0.x before 6.0.5 allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified (1) DATA DIRECTORY or (2) INDEX DIRECTORY arguments that are within the MySQL home data directory, which can point to tables that are created in the future.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
CONFIRM:http://bugs.mysql.com/bug.php?id=32167 CONFIRM:http://dev.mysql.com/doc/refman/4.1/en/news-4-1-24.html CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/releasenotes-es-5-0-60.html CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-24.html CONFIRM:http://dev.mysql.com/doc/refman/6.0/en/news-6-0-5.html CONFIRM:http://support.apple.com/kb/HT3216 CONFIRM:http://support.apple.com/kb/HT3865 APPLE:APPLE-SA-2008-10-09 URL:http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html APPLE:APPLE-SA-2009-09-10-2 URL:http://lists.apple.com/archives/security-announce/2009/Sep/msg00004.html DEBIAN:DSA-1608 URL:http://www.debian.org/security/2008/dsa-1608 MANDRIVA:MDVSA-2008:149 URL:http://www.mandriva.com/security/advisories?name=MDVSA-2008:149 MANDRIVA:MDVSA-2008:150 URL:http://www.mandriva.com/security/advisories?name=MDVSA-2008:150 REDHAT:RHSA-2008:0505 URL:http://www.redhat.com/support/errata/RHSA-2008-0505.html REDHAT:RHSA-2008:0510 URL:http://www.redhat.com/support/errata/RHSA-2008-0510.html REDHAT:RHSA-2008:0768 URL:http://www.redhat.com/support/errata/RHSA-2008-0768.html REDHAT:RHSA-2009:1289 URL:http://www.redhat.com/support/errata/RHSA-2009-1289.html SUSE:SUSE-SR:2008:017 URL:http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html UBUNTU:USN-671-1 URL:http://www.ubuntu.com/usn/USN-671-1 BID:29106 URL:http://www.securityfocus.com/bid/29106 BID:31681 URL:http://www.securityfocus.com/bid/31681 OVAL:oval:org.mitre.oval:def:10133 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10133 SECUNIA:36701 URL:http://secunia.com/advisories/36701 SECUNIA:32769 URL:http://secunia.com/advisories/32769 SECUNIA:36566 URL:http://secunia.com/advisories/36566 VUPEN:ADV-2008-1472 URL:http://www.vupen.com/english/advisories/2008/1472/references VUPEN:ADV-2008-2780 URL:http://www.vupen.com/english/advisories/2008/2780 SECTRACK:1019995 URL:http://www.securitytracker.com/id?1019995 SECUNIA:30134 URL:http://secunia.com/advisories/30134 SECUNIA:31066 URL:http://secunia.com/advisories/31066 SECUNIA:31226 URL:http://secunia.com/advisories/31226 SECUNIA:31687 URL:http://secunia.com/advisories/31687 SECUNIA:32222 URL:http://secunia.com/advisories/32222 XF:mysql-myisam-security-bypass(42267) URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/42267
Assigning CNA
N/A
Date Entry Created
20080505	Disclaimer: The entry creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20080505)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an entry on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: cve@mitre.org

Use of the Common Vulnerabilities and Exposures (CVE®) List and the associated references from this website are subject to the terms of use. CVE is sponsored by US-CERT in the office of Cybersecurity and Communications at the U.S. Department of Homeland Security. Copyright © 1999–2018, The MITRE Corporation. CVE and the CVE logo are registered trademarks of The MITRE Corporation. For more information, please contact us.