RedhatCVELIST:CVE-2008-2079CVE-2008-2079
MySQL 4.1.x before 4.1.24, 5.0.x before 5.0.60, 5.1.x before 5.1.24, and 6.0.x before 6.0.5 allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified (1) DATA DIRECTORY or (2) INDEX DIRECTORY arguments that are within the MySQL home data directory, which can point to tables that are created in the future.
References
bugs.mysql.com/bug.php?id=32167
dev.mysql.com/doc/refman/4.1/en/news-4-1-24.html
dev.mysql.com/doc/refman/5.0/en/releasenotes-es-5-0-60.html
dev.mysql.com/doc/refman/5.1/en/news-5-1-24.html
dev.mysql.com/doc/refman/6.0/en/news-6-0-5.html
lists.apple.com/archives/security-announce/2008/Oct/msg00001.html
lists.apple.com/archives/security-announce/2009/Sep/msg00004.html
lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html
secunia.com/advisories/30134
secunia.com/advisories/31066
secunia.com/advisories/31226
secunia.com/advisories/31687
secunia.com/advisories/32222
secunia.com/advisories/32769
secunia.com/advisories/36566
secunia.com/advisories/36701
support.apple.com/kb/HT3216
support.apple.com/kb/HT3865
www.debian.org/security/2008/dsa-1608
www.mandriva.com/security/advisories?name=MDVSA-2008:149
www.mandriva.com/security/advisories?name=MDVSA-2008:150
www.redhat.com/support/errata/RHSA-2008-0505.html
www.redhat.com/support/errata/RHSA-2008-0510.html
www.redhat.com/support/errata/RHSA-2008-0768.html
www.redhat.com/support/errata/RHSA-2009-1289.html
www.securityfocus.com/bid/29106
www.securityfocus.com/bid/31681
www.securitytracker.com/id?1019995
www.ubuntu.com/usn/USN-671-1
www.vupen.com/english/advisories/2008/1472/references
www.vupen.com/english/advisories/2008/2780
exchange.xforce.ibmcloud.com/vulnerabilities/42267
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10133
Related
