6.1 Medium
AI Score
Confidence
Low
4.6 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
HIGH
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:H/Au:S/C:P/I:P/A:P
0.0004 Low
EPSS
Percentile
12.1%
MySQL 4.1.x before 4.1.24, 5.0.x before 5.0.60, 5.1.x before 5.1.24, and 6.0.x before 6.0.5 allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified (1) DATA DIRECTORY or (2) INDEX DIRECTORY arguments that are within the MySQL home data directory, which can point to tables that are created in the future.
CPE | Name | Operator | Version |
---|---|---|---|
ubuntu_linux | eq | 6.06 | |
ubuntu_linux | eq | 7.10 | |
ubuntu_linux | eq | 8.04 | |
debian_linux | eq | 4.0 | |
mysql | ge | 4.1.0 | |
mysql | lt | 4.1.24 | |
mysql | ge | 5.0.0 | |
mysql | lt | 5.0.60 | |
mysql | ge | 5.1.0 | |
mysql | lt | 5.1.24 |
bugs.mysql.com/bug.php?id=32167
dev.mysql.com/doc/refman/4.1/en/news-4-1-24.html
dev.mysql.com/doc/refman/5.0/en/releasenotes-es-5-0-60.html
dev.mysql.com/doc/refman/5.1/en/news-5-1-24.html
dev.mysql.com/doc/refman/6.0/en/news-6-0-5.html
lists.apple.com/archives/security-announce/2008/Oct/msg00001.html
lists.apple.com/archives/security-announce/2009/Sep/msg00004.html
lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html
secunia.com/advisories/30134
secunia.com/advisories/31066
secunia.com/advisories/31226
secunia.com/advisories/31687
secunia.com/advisories/32222
secunia.com/advisories/32769
secunia.com/advisories/36566
secunia.com/advisories/36701
support.apple.com/kb/HT3216
support.apple.com/kb/HT3865
www.debian.org/security/2008/dsa-1608
www.mandriva.com/security/advisories?name=MDVSA-2008:149
www.mandriva.com/security/advisories?name=MDVSA-2008:150
www.redhat.com/support/errata/RHSA-2008-0505.html
www.redhat.com/support/errata/RHSA-2008-0510.html
www.redhat.com/support/errata/RHSA-2008-0768.html
www.redhat.com/support/errata/RHSA-2009-1289.html
www.securityfocus.com/bid/29106
www.securityfocus.com/bid/31681
www.securitytracker.com/id?1019995
www.ubuntu.com/usn/USN-671-1
www.vupen.com/english/advisories/2008/1472/references
www.vupen.com/english/advisories/2008/2780
exchange.xforce.ibmcloud.com/vulnerabilities/42267
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10133