CVE-2008-2079 Information
Share on:Description
MySQL 4.1.x before 4.1.24 5.0.x before 5.0.60 5.1.x before 5.1.24 and 6.0.x before 6.0.5 allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified (1) DATA DIRECTORY or (2) INDEX DIRECTORY arguments that are within the MySQL home data directory which can point to tables that are created in the future.
Reference
http://bugs.mysql.com/bug.php?id=32167 http://dev.mysql.com/doc/refman/4.1/en/news-4-1-24.html http://dev.mysql.com/doc/refman/5.0/en/releasenotes-es-5-0-60.html http://dev.mysql.com/doc/refman/5.1/en/news-5-1-24.html http://dev.mysql.com/doc/refman/6.0/en/news-6-0-5.html http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html http://lists.apple.com/archives/security-announce/2009/Sep/msg00004.html http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html http://secunia.com/advisories/30134 http://secunia.com/advisories/31066 http://secunia.com/advisories/31226 http://secunia.com/advisories/31687 http://secunia.com/advisories/32222 http://secunia.com/advisories/32769 http://secunia.com/advisories/36566 http://secunia.com/advisories/36701 http://support.apple.com/kb/HT3216 http://support.apple.com/kb/HT3865 http://www.debian.org/security/2008/dsa-1608 http://www.mandriva.com/security/advisories?name=MDVSA-2008:149 http://www.mandriva.com/security/advisories?name=MDVSA-2008:150 http://www.redhat.com/support/errata/RHSA-2008-0505.html http://www.redhat.com/support/errata/RHSA-2008-0510.html http://www.redhat.com/support/errata/RHSA-2008-0768.html http://www.redhat.com/support/errata/RHSA-2009-1289.html http://www.securityfocus.com/bid/29106 http://www.securityfocus.com/bid/31681 http://www.securitytracker.com/id?1019995 http://www.ubuntu.com/usn/USN-671-1 http://www.vupen.com/english/advisories/2008/1472/references http://www.vupen.com/english/advisories/2008/2780 https://exchange.xforce.ibmcloud.com/vulnerabilities/42267 https://oval.cisecurity.org/repository/search/definition/oval3Aorg.mitre.oval3Adef3A10133