Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nvd[email protected]NVD:CVE-2009-4030
HistoryNov 30, 2009 - 5:30 p.m.

CVE-2009-4030

2009-11-3017:30:00
CWE-59
[email protected]
web.nvd.nist.gov

4.4 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:M/Au:N/C:P/I:P/A:P

7.6 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

15.8%

JSON

MySQL 5.1.x before 5.1.41 allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified (1) DATA DIRECTORY or (2) INDEX DIRECTORY arguments that are originally associated with pathnames without symlinks, and that can point to tables created at a future time at which a pathname is modified to contain a symlink to a subdirectory of the MySQL data home directory, related to incorrect calculation of the mysql_unpacked_real_data_home value. NOTE: this vulnerability exists because of an incomplete fix for CVE-2008-4098 and CVE-2008-2079.

Affected configurations

NVD
Node
mysqlmysqlMatch5.1.5
OR
mysqlmysqlMatch5.1.23
OR
mysqlmysqlMatch5.1.32
OR
oraclemysqlMatch5.1
OR
oraclemysqlMatch5.1.1
OR
oraclemysqlMatch5.1.2
OR
oraclemysqlMatch5.1.3
OR
oraclemysqlMatch5.1.4
OR
oraclemysqlMatch5.1.6
OR
oraclemysqlMatch5.1.7
OR
oraclemysqlMatch5.1.8
OR
oraclemysqlMatch5.1.9
OR
oraclemysqlMatch5.1.10
OR
oraclemysqlMatch5.1.11
OR
oraclemysqlMatch5.1.12
OR
oraclemysqlMatch5.1.13
OR
oraclemysqlMatch5.1.14
OR
oraclemysqlMatch5.1.15
OR
oraclemysqlMatch5.1.16
OR
oraclemysqlMatch5.1.17
OR
oraclemysqlMatch5.1.18
OR
oraclemysqlMatch5.1.19
OR
oraclemysqlMatch5.1.20
OR
oraclemysqlMatch5.1.21
OR
oraclemysqlMatch5.1.22
OR
oraclemysqlMatch5.1.30

References

Related

ubuntucve 6
cvelist 6
prion 6
cve 6
nessus 58
openvas 67
securityvulns 6
freebsd 2
oraclelinux 5
centos 4
redhat 8
ubuntu 2
seebug 3
debian 5
gentoo 1
veracode 4
nvd 5
osv 3
redhatcve 1
suse 1
ubuntucve
ubuntucve
CVE-2009-4030
2009-11-30 00:00:00
CVE-2008-2079
2008-05-05 00:00:00
CVE-2008-4097
2008-09-18 00:00:00
cvelist
cvelist
CVE-2009-4030
2009-11-30 17:00:00
CVE-2008-2079
2008-05-05 16:00:00
CVE-2008-4097
2008-09-17 18:06:00
prion
prion
Privilege escalation
2009-11-30 17:30:00
Privilege escalation
2008-05-05 16:20:00
Privilege escalation
2012-10-09 23:55:00
cve
cve
CVE-2009-4030
2009-11-30 17:30:00
CVE-2008-2079
2008-05-05 16:20:00
CVE-2008-4097
2008-09-18 15:04:27
nessus
nessus
MySQL Enterprise Server 5.0 < 5.0.70 Privilege Bypass
2008-11-09 00:00:00
RHEL 5 : mysql (RHSA-2010:0109)
2010-02-17 00:00:00
Scientific Linux Security Update : mysql on SL4.x i386/x86_64
2012-08-01 00:00:00
openvas
openvas
CentOS Update for mysql CESA-2010:0110 centos4 i386
2010-02-19 00:00:00
CentOS Update for mysql CESA-2010:0110 centos4 i386
2010-02-19 00:00:00
CentOS Update for mysql CESA-2010:0109 centos5 i386
2011-08-09 00:00:00
securityvulns
securityvulns
[ MDVSA-2010:012 ] mysql
2010-01-19 00:00:00
MySQL privilege escalation
2008-11-10 00:00:00
MySQL dynamic functions loading vulnerability
2009-03-17 00:00:00
freebsd
freebsd
mysql -- MyISAM table privileges security bypass vulnerability for symlinked paths
2008-07-03 00:00:00
mysql -- MyISAM table privileges security bypass vulnerability
2008-05-05 00:00:00
oraclelinux
oraclelinux
mysql security update
2010-02-16 00:00:00
mysql security and bug fix update
2013-01-11 00:00:00
mysql security update
2010-02-16 00:00:00
centos
centos
mysql security update
2010-02-17 16:42:25
mysql security update
2013-01-09 20:34:31
mysql security update
2010-03-01 18:43:17
redhat
redhat
(RHSA-2010:0110) Moderate: mysql security update
2010-02-16 00:00:00
(RHSA-2008:0510) Moderate: Red Hat Application Stack v1.3 security and enhancement update
2008-07-02 00:00:00
(RHSA-2013:0121) Low: mysql security and bug fix update
2013-01-08 00:00:00
ubuntu
ubuntu
MySQL vulnerabilities
2008-11-17 00:00:00
MySQL vulnerabilities
2010-02-10 00:00:00
seebug
seebug
MySQL MyISAM葨绕过权限检ζŸ₯漏洞
2008-05-12 00:00:00
MySQL MyISAM葨符号链ζŽ₯ζœ¬εœ°ζƒι™ζε‡ζΌζ΄ž
2009-12-02 00:00:00
MySQL vulnerabilities
2010-02-13 00:00:00
debian
debian
[SECURITY] [DSA 1608-1] New mysql-dfsg-5.0 packages fix authorization bypass
2008-07-13 04:55:16
[SECURITY] [DSA 1662-1] New mysql-dfsg-5.0 packages fix authorization bypass
2008-11-06 04:20:00
[SECURITY] [DSA 1662-1] New mysql-dfsg-5.0 packages fix authorization bypass
2008-11-06 04:20:00
gentoo
gentoo
MySQL: Privilege bypass
2008-09-04 00:00:00
veracode
veracode
Privilege Escalation
2020-04-10 00:22:36
Privilege Escalation
2020-04-10 00:43:13
Authorization Bypass
2020-04-10 00:32:25
nvd
nvd
CVE-2008-2079
2008-05-05 16:20:00
CVE-2012-4452
2012-10-09 23:55:05
CVE-2008-4097
2008-09-18 15:04:27
osv
osv
mysql-dfsg-5.0 - authorization bypass
2008-07-13 00:00:00
mysql-dfsg-5.0 - authorization bypass
2008-11-06 00:00:00
mysql-dfsg-5.0 - several vulnerabilities
2010-02-14 00:00:00
redhatcve
redhatcve
CVE-2008-4097
2015-10-30 10:30:27
suse
suse
remote code execution in openwsman
2008-08-14 18:02:43

4.4 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:M/Au:N/C:P/I:P/A:P

7.6 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

15.8%

JSON
Related for NVD:CVE-2009-4030
ubuntucve6cvelist6prion6cve6nessus58openvas67securityvulns6freebsd2oraclelinux5centos4redhat8ubuntu2seebug3debian5gentoo1veracode4nvd5osv3redhatcve1suse1