← Back

CVE-2008-4098

nvd nist
Published: Sep 18, 2008Modified: Apr 23, 2026

JSON object

Loading...
4.6
Vector
AV:N/AC:H/Au:S/C:P/I:P/A:P
Exploitability: 3.9 / Impact: 6.4
Source: NVD

Description

MySQL before 5.0.67 allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified (1) DATA DIRECTORY or (2) INDEX DIRECTORY arguments that are originally associated with pathnames without symlinks, and that can point to tables created at a future time at which a pathname is modified to contain a symlink to a subdirectory of the MySQL home data directory. NOTE: this vulnerability exists because of an incomplete fix for CVE-2008-4097.

Affected (52)

Products: Canonical: Ubuntu Linux · Debian: Debian Linux · Mysql: Mysql · +1 more
Show all products
Canonical: Ubuntu Linux · Debian: Debian Linux · Mysql: Mysql · Oracle: Mysql
Canonical
1 product
Ubuntu Linux
Debian
1 product
Debian Linux
Mysql
1 product
Mysql
Oracle
1 product
Mysql
Configuration A
6 vulnerable
Vulnerable SoftwareAffected Versions
Canonical
Ubuntu Linux
Version 6.06
Ubuntu Linux
Version 7.10
Ubuntu Linux
Version 8.04
Ubuntu Linux
Version 8.10
Ubuntu Linux
Version 9.04
Ubuntu Linux
Version 9.10
Configuration B
1 vulnerable
Vulnerable SoftwareAffected Versions
Debian Linux
Version 5.0
Configuration C
45 vulnerable
Vulnerable SoftwareAffected Versions
Mysql
Mysql
Version 5.0.0
Mysql
Version 5.0.10
Mysql
Version 5.0.15
Mysql
Version 5.0.16
Mysql
Version 5.0.17
Mysql
Version 5.0.1
Mysql
Version 5.0.20
Mysql
Version 5.0.24
Mysql
Version 5.0.2
Mysql
Version 5.0.30
Mysql
Version 5.0.36
Mysql
Version 5.0.3
Mysql
Version 5.0.44
Mysql
Version 5.0.4
Mysql
Version 5.0.54
Mysql
Version 5.0.56
Mysql
Version 5.0.5
Mysql
Version 5.0.60
Mysql
Version 5.0.66
Oracle
Mysql
Version 5.0.23
Mysql
Version 5.0.25
Mysql
Version 5.0.26
Mysql
Version 5.0.28
Mysql
Version 5.0.30 sp1
Mysql
Version 5.0.32
Mysql
Version 5.0.34
Mysql
Version 5.0.36 sp1
Mysql
Version 5.0.38
Mysql
Version 5.0.40
Mysql
Version 5.0.41
Mysql
Version 5.0.42
Mysql
Version 5.0.44 sp1
Mysql
Version 5.0.45
Mysql
Version 5.0.46
Mysql
Version 5.0.48
Mysql
Version 5.0.50
Mysql
Version 5.0.50 sp1
Mysql
Version 5.0.51
Mysql
Version 5.0.52
Mysql
Version 5.0.56 sp1
Mysql
Version 5.0.58
Mysql
Version 5.0.60 sp1
Mysql
Version 5.0.62
Mysql
Version 5.0.64
Mysql
Version 5.0.66 sp1

Related CWEs

CWE-59
Improper Link Resolution Before File Access ('Link Following')
The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.

References (36)

Source: secalert@redhat.com
Issue TrackingThird Party Advisory
Source: secalert@redhat.com
Issue TrackingPatchVendor Advisory
Source: secalert@redhat.com
Third Party Advisory
Source: secalert@redhat.com
Not Applicable
Source: secalert@redhat.com
Not Applicable
Source: secalert@redhat.com
Not Applicable
Source: secalert@redhat.com
Not Applicable
Source: secalert@redhat.com
Third Party Advisory
Source: secalert@redhat.com
Third Party Advisory
Source: secalert@redhat.com
Broken Link
Source: secalert@redhat.com
Mailing ListThird Party Advisory
Source: secalert@redhat.com
Mailing ListThird Party Advisory
Source: secalert@redhat.com
Third Party Advisory
Source: secalert@redhat.com
Third Party Advisory
Source: secalert@redhat.com
Source: secalert@redhat.com
Third Party Advisory
Source: secalert@redhat.com
Source: secalert@redhat.com
Source: af854a3a-2127-422b-91ae-364da2661108
Issue TrackingThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Issue TrackingPatchVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Not Applicable
Source: af854a3a-2127-422b-91ae-364da2661108
Not Applicable
Source: af854a3a-2127-422b-91ae-364da2661108
Not Applicable
Source: af854a3a-2127-422b-91ae-364da2661108
Not Applicable
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Broken Link
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing ListThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing ListThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.