Lucene search

K

[email protected]CVE-2008-2079

HistoryMay 05, 2008 - 4:20 p.m.

CVE-2008-2079

2008-05-0516:20:00

CWE-264

[email protected]

web.nvd.nist.gov

192

cve-2008-2079

mysql

privilege bypass

create table

nvd

6 Medium

AI Score

Confidence

Low

4.6 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:S/C:P/I:P/A:P

0.0004 Low

EPSS

Percentile

14.5%

MySQL 4.1.x before 4.1.24, 5.0.x before 5.0.60, 5.1.x before 5.1.24, and 6.0.x before 6.0.5 allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified (1) DATA DIRECTORY or (2) INDEX DIRECTORY arguments that are within the MySQL home data directory, which can point to tables that are created in the future.

CPENameOperatorVersion
mysql:mysqlmysqllt4.1.24
mysql:mysqlmysqllt5.0.60
mysql:mysqlmysqllt5.1.24
oracle:mysqloracle mysqllt6.0.5
debian:debian_linuxdebian debian linuxeq4.0
canonical:ubuntu_linuxcanonical ubuntu linuxeq6.06
canonical:ubuntu_linuxcanonical ubuntu linuxeq7.10
canonical:ubuntu_linuxcanonical ubuntu linuxeq8.04

References

bugs.mysql.com/bug.php?id=32167

dev.mysql.com/doc/refman/4.1/en/news-4-1-24.html

dev.mysql.com/doc/refman/5.0/en/releasenotes-es-5-0-60.html

dev.mysql.com/doc/refman/5.1/en/news-5-1-24.html

dev.mysql.com/doc/refman/6.0/en/news-6-0-5.html

lists.apple.com/archives/security-announce/2008/Oct/msg00001.html

lists.apple.com/archives/security-announce/2009/Sep/msg00004.html

lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html

secunia.com/advisories/30134

secunia.com/advisories/31066

secunia.com/advisories/31226

secunia.com/advisories/31687

secunia.com/advisories/32222

secunia.com/advisories/32769

secunia.com/advisories/36566

secunia.com/advisories/36701

support.apple.com/kb/HT3216

support.apple.com/kb/HT3865

www.debian.org/security/2008/dsa-1608

www.mandriva.com/security/advisories?name=MDVSA-2008:149

www.mandriva.com/security/advisories?name=MDVSA-2008:150

www.redhat.com/support/errata/RHSA-2008-0505.html

www.redhat.com/support/errata/RHSA-2008-0510.html

www.redhat.com/support/errata/RHSA-2008-0768.html

www.redhat.com/support/errata/RHSA-2009-1289.html

www.securityfocus.com/bid/29106

www.securityfocus.com/bid/31681

www.securitytracker.com/id?1019995

www.ubuntu.com/usn/USN-671-1

www.vupen.com/english/advisories/2008/1472/references

www.vupen.com/english/advisories/2008/2780

exchange.xforce.ibmcloud.com/vulnerabilities/42267

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10133

6 Medium

AI Score

Confidence

Low

4.6 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:S/C:P/I:P/A:P

0.0004 Low

EPSS

Percentile

14.5%

Related for CVE-2008-2079

nessus35 openvas50 veracode1 gentoo1 seebug1 redhat4 ubuntucve3 debian1 freebsd2 prion3 cve2 osv1 securityvulns2 redhatcve1 centos1 oraclelinux2 ubuntu1 suse1