CVE-2008-4097
Advisory lineage Upstream: 0 Downstream: 1
Downstream
Modified
Published: 17 Sept 2008, 18:06
Last modified:07 Aug 2024, 10:00
Vulnerability Summary
Overall Risk (default)
low
19/100 CVSS Score
4.6 MEDIUM
v2.0 (nvd)
EPSS Score
0.72% LOW
1% probability 0.00%
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected
Timeline
17 Sept 2008, 18:06
Published
Vulnerability first disclosed
07 Aug 2024, 10:00
Last Modified
Vulnerability information updated
Description
MySQL 5.0.51a allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified (1) DATA DIRECTORY or (2) INDEX DIRECTORY arguments that are associated with symlinks within pathnames for subdirectories of the MySQL home data directory, which are followed when tables are created in the future. NOTE: this vulnerability exists because of an incomplete fix for CVE-2008-2079.
CVSS Metrics
- v2.0•MEDIUM•Score: 4.6AV:N/AC:H/Au:S/C:P/I:P/A:P
EPSS Trends
Current EPSS score: 0.72%• Percentile: 73%
Techniques & Countermeasures
- CWE-264•Permissions, Privileges, and Access Controls
Weaknesses in this category are related to the management of permissions, privileges, and other security features that are used to perform access control.
Affected Systems
- oracle•mysql
5.0.51a
References (9)
- http://www.mandriva.com/security/advisories?name=MDVSA-2009:094
- http://www.ubuntu.com/usn/USN-671-1
- http://secunia.com/advisories/32769
- http://www.openwall.com/lists/oss-security/2008/09/09/20
- https://exchange.xforce.ibmcloud.com/vulnerabilities/45648
- http://www.openwall.com/lists/oss-security/2008/09/16/3
- http://secunia.com/advisories/32759
- http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00001.html
- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=480292#25