4.6 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
HIGH
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:H/Au:S/C:P/I:P/A:P
0.0004 Low
EPSS
Percentile
9.3%
MySQL before 5.0.67 allows local users to bypass certain privilege checks
by calling CREATE TABLE on a MyISAM table with modified (1) DATA DIRECTORY
or (2) INDEX DIRECTORY arguments that are originally associated with
pathnames without symlinks, and that can point to tables created at a
future time at which a pathname is modified to contain a symlink to a
subdirectory of the MySQL home data directory. NOTE: this vulnerability
exists because of an incomplete fix for CVE-2008-4097.
Author | Note |
---|---|
mdeslaur | proper fix only made it’s way to 5.0.70, so intrepid isn’t properly patched |
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 6.06 | noarch | mysql-dfsg-5.0 | < 5.0.22-0ubuntu6.06.11 | UNKNOWN |
ubuntu | 7.10 | noarch | mysql-dfsg-5.0 | < 5.0.45-1ubuntu3.4 | UNKNOWN |
ubuntu | 8.04 | noarch | mysql-dfsg-5.0 | < 5.0.51a-3ubuntu5.4 | UNKNOWN |
ubuntu | 8.10 | noarch | mysql-dfsg-5.0 | < 5.0.67-0ubuntu6.1 | UNKNOWN |