CVSS2
Attack Vector
NETWORK
Attack Complexity
HIGH
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:H/Au:S/C:P/I:P/A:P
EPSS
Percentile
16.1%
MySQL 5.1.x before 5.1.41 allows local users to bypass certain privilege
checks by calling CREATE TABLE on a MyISAM table with modified (1) DATA
DIRECTORY or (2) INDEX DIRECTORY arguments that are originally associated
with pathnames without symlinks, and that can point to tables created at a
future time at which a pathname is modified to contain a symlink to a
subdirectory of the MySQL data home directory, related to incorrect
calculation of the mysql_unpacked_real_data_home value. NOTE: this
vulnerability exists because of an incomplete fix for CVE-2008-4098 and
CVE-2008-2079.
Author | Note |
---|---|
mdeslaur | actually made it in 5.1.42 |
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 10.10 | noarch | mysql-5.1 | <Β 5.1.41-3ubuntu7 | UNKNOWN |
ubuntu | 11.04 | noarch | mysql-5.1 | <Β 5.1.41-3ubuntu7 | UNKNOWN |
ubuntu | 6.06 | noarch | mysql-dfsg-5.0 | <Β 5.0.22-0ubuntu6.06.12 | UNKNOWN |
ubuntu | 8.04 | noarch | mysql-dfsg-5.0 | <Β 5.0.51a-3ubuntu5.5 | UNKNOWN |
ubuntu | 8.10 | noarch | mysql-dfsg-5.0 | <Β 5.0.67-0ubuntu6.1 | UNKNOWN |
ubuntu | 9.04 | noarch | mysql-dfsg-5.0 | <Β 5.1.30really5.0.75-0ubuntu10.3 | UNKNOWN |
ubuntu | 9.10 | noarch | mysql-dfsg-5.1 | <Β 5.1.37-1ubuntu5.1 | UNKNOWN |
ubuntu | 10.04 | noarch | mysql-dfsg-5.1 | <Β 5.1.41-3ubuntu7 | UNKNOWN |