Lucene search

RedhatCVE-2008-4098

HistorySep 18, 2008 - 3:04 p.m.

CVE-2008-4098

2008-09-1815:04:27

CWE-59

redhat

web.nvd.nist.gov

169

mysql

cve-2008-4098

privilege checks

vulnerability

nvd

CVSS2

4.6

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:S/C:P/I:P/A:P

AI Score

6.3

Confidence

Low

EPSS

0.001

Percentile

35.0%

JSON

MySQL before 5.0.67 allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified (1) DATA DIRECTORY or (2) INDEX DIRECTORY arguments that are originally associated with pathnames without symlinks, and that can point to tables created at a future time at which a pathname is modified to contain a symlink to a subdirectory of the MySQL home data directory. NOTE: this vulnerability exists because of an incomplete fix for CVE-2008-4097.

Affected configurations

Nvd

Node

canonicalubuntu_linuxMatch6.06lts

canonicalubuntu_linuxMatch7.10

canonicalubuntu_linuxMatch8.04lts

canonicalubuntu_linuxMatch8.10

canonicalubuntu_linuxMatch9.04

canonicalubuntu_linuxMatch9.10

Node

debiandebian_linuxMatch5.0

Node

mysqlmysqlMatch5.0.0

mysqlmysqlMatch5.0.1

mysqlmysqlMatch5.0.2

mysqlmysqlMatch5.0.3

mysqlmysqlMatch5.0.4

mysqlmysqlMatch5.0.5

mysqlmysqlMatch5.0.10

mysqlmysqlMatch5.0.15

mysqlmysqlMatch5.0.16

mysqlmysqlMatch5.0.17

mysqlmysqlMatch5.0.20

mysqlmysqlMatch5.0.24

mysqlmysqlMatch5.0.30

mysqlmysqlMatch5.0.36

mysqlmysqlMatch5.0.44

mysqlmysqlMatch5.0.54

mysqlmysqlMatch5.0.56

mysqlmysqlMatch5.0.60

mysqlmysqlMatch5.0.66

oraclemysqlMatch5.0.23

oraclemysqlMatch5.0.25

oraclemysqlMatch5.0.26

oraclemysqlMatch5.0.28

oraclemysqlMatch5.0.30sp1

oraclemysqlMatch5.0.32

oraclemysqlMatch5.0.34

oraclemysqlMatch5.0.36sp1

oraclemysqlMatch5.0.38

oraclemysqlMatch5.0.40

oraclemysqlMatch5.0.41

oraclemysqlMatch5.0.42

oraclemysqlMatch5.0.44sp1

oraclemysqlMatch5.0.45

oraclemysqlMatch5.0.46

oraclemysqlMatch5.0.48

oraclemysqlMatch5.0.50

oraclemysqlMatch5.0.50sp1

oraclemysqlMatch5.0.51

oraclemysqlMatch5.0.52

oraclemysqlMatch5.0.56sp1

oraclemysqlMatch5.0.58

oraclemysqlMatch5.0.60sp1

oraclemysqlMatch5.0.62

oraclemysqlMatch5.0.64

oraclemysqlMatch5.0.66sp1

VendorProductVersionCPE
canonicalubuntu_linux6.06cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:lts:*:*:*
canonicalubuntu_linux7.10cpe:2.3:o:canonical:ubuntu_linux:7.10:*:*:*:*:*:*:*
canonicalubuntu_linux8.04cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:lts:*:*:*
canonicalubuntu_linux8.10cpe:2.3:o:canonical:ubuntu_linux:8.10:*:*:*:*:*:*:*
canonicalubuntu_linux9.04cpe:2.3:o:canonical:ubuntu_linux:9.04:*:*:*:*:*:*:*
canonicalubuntu_linux9.10cpe:2.3:o:canonical:ubuntu_linux:9.10:*:*:*:*:*:*:*
debiandebian_linux5.0cpe:2.3:o:debian:debian_linux:5.0:*:*:*:*:*:*:*
mysqlmysql5.0.0cpe:2.3:a:mysql:mysql:5.0.0:*:*:*:*:*:*:*
mysqlmysql5.0.1cpe:2.3:a:mysql:mysql:5.0.1:*:*:*:*:*:*:*
mysqlmysql5.0.2cpe:2.3:a:mysql:mysql:5.0.2:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
canonical	ubuntu_linux	6.06	cpe:2.3:o:canonical:ubuntu_linux:6.06::::lts:::
canonical	ubuntu_linux	7.10	cpe:2.3:o:canonical:ubuntu_linux:7.10:::::::*
canonical	ubuntu_linux	8.04	cpe:2.3:o:canonical:ubuntu_linux:8.04::::lts:::
canonical	ubuntu_linux	8.10	cpe:2.3:o:canonical:ubuntu_linux:8.10:::::::*
canonical	ubuntu_linux	9.04	cpe:2.3:o:canonical:ubuntu_linux:9.04:::::::*
canonical	ubuntu_linux	9.10	cpe:2.3:o:canonical:ubuntu_linux:9.10:::::::*
debian	debian_linux	5.0	cpe:2.3:o:debian:debian_linux:5.0:::::::*
mysql	mysql	5.0.0	cpe:2.3:a:mysql:mysql:5.0.0:::::::*
mysql	mysql	5.0.1	cpe:2.3:a:mysql:mysql:5.0.1:::::::*
mysql	mysql	5.0.2	cpe:2.3:a:mysql:mysql:5.0.2:::::::*