Lucene search

K

[email protected]NVD:CVE-2008-2079

HistoryMay 05, 2008 - 4:20 p.m.

CVE-2008-2079

2008-05-0516:20:00

CWE-264

[email protected]

web.nvd.nist.gov

4.6 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:S/C:P/I:P/A:P

7.3 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

15.7%

MySQL 4.1.x before 4.1.24, 5.0.x before 5.0.60, 5.1.x before 5.1.24, and 6.0.x before 6.0.5 allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified (1) DATA DIRECTORY or (2) INDEX DIRECTORY arguments that are within the MySQL home data directory, which can point to tables that are created in the future.

Affected configurations

NVD

Node

mysqlmysqlRange4.1.0–4.1.24

OR

mysqlmysqlRange5.0.0–5.0.60

OR

mysqlmysqlRange5.1.0–5.1.24

OR

oraclemysqlRange6.0.0–6.0.5

Node

debiandebian_linuxMatch4.0

Node

canonicalubuntu_linuxMatch6.06lts

OR

canonicalubuntu_linuxMatch7.10

OR

canonicalubuntu_linuxMatch8.04lts

References

bugs.mysql.com/bug.php?id=32167

dev.mysql.com/doc/refman/4.1/en/news-4-1-24.html

dev.mysql.com/doc/refman/5.0/en/releasenotes-es-5-0-60.html

dev.mysql.com/doc/refman/5.1/en/news-5-1-24.html

dev.mysql.com/doc/refman/6.0/en/news-6-0-5.html

lists.apple.com/archives/security-announce/2008/Oct/msg00001.html

lists.apple.com/archives/security-announce/2009/Sep/msg00004.html

lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html

secunia.com/advisories/30134

secunia.com/advisories/31066

secunia.com/advisories/31226

secunia.com/advisories/31687

secunia.com/advisories/32222

secunia.com/advisories/32769

secunia.com/advisories/36566

secunia.com/advisories/36701

support.apple.com/kb/HT3216

support.apple.com/kb/HT3865

www.debian.org/security/2008/dsa-1608

www.mandriva.com/security/advisories?name=MDVSA-2008:149

www.mandriva.com/security/advisories?name=MDVSA-2008:150

www.redhat.com/support/errata/RHSA-2008-0505.html

www.redhat.com/support/errata/RHSA-2008-0510.html

www.redhat.com/support/errata/RHSA-2008-0768.html

www.redhat.com/support/errata/RHSA-2009-1289.html

www.securityfocus.com/bid/29106

www.securityfocus.com/bid/31681

www.securitytracker.com/id?1019995

www.ubuntu.com/usn/USN-671-1

www.vupen.com/english/advisories/2008/1472/references

www.vupen.com/english/advisories/2008/2780

exchange.xforce.ibmcloud.com/vulnerabilities/42267

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10133

4.6 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:S/C:P/I:P/A:P

7.3 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

15.7%

Related for NVD:CVE-2008-2079

nessus35 openvas50 cve3 seebug1 redhat4 ubuntucve3 cvelist3 freebsd2 debian1 gentoo1 veracode1 prion3 osv1 nvd2 securityvulns2 redhatcve1 centos1 oraclelinux2 ubuntu1 suse1