Описание
MySQL before 5.0.67 allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified (1) DATA DIRECTORY or (2) INDEX DIRECTORY arguments that are originally associated with pathnames without symlinks, and that can point to tables created at a future time at which a pathname is modified to contain a symlink to a subdirectory of the MySQL home data directory. NOTE: this vulnerability exists because of an incomplete fix for CVE-2008-4097.
| Релиз | Статус | Примечание |
|---|---|---|
| dapper | released | 5.0.22-0ubuntu6.06.11 |
| devel | not-affected | 5.1.30really5.0.83-0ubuntu3 |
| feisty | ignored | end of life, was needed |
| gutsy | released | 5.0.45-1ubuntu3.4 |
| hardy | released | 5.0.51a-3ubuntu5.4 |
| intrepid | released | 5.0.67-0ubuntu6.1 |
| jaunty | not-affected | 5.1.30really5.0.75-0ubuntu10.2 |
| karmic | not-affected | 5.1.30really5.0.83-0ubuntu3 |
| upstream | released | 5.0.67 |
Показывать по
4.6 Medium
CVSS2
Связанные уязвимости
MySQL before 5.0.67 allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified (1) DATA DIRECTORY or (2) INDEX DIRECTORY arguments that are originally associated with pathnames without symlinks, and that can point to tables created at a future time at which a pathname is modified to contain a symlink to a subdirectory of the MySQL home data directory. NOTE: this vulnerability exists because of an incomplete fix for CVE-2008-4097.
MySQL before 5.0.67 allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified (1) DATA DIRECTORY or (2) INDEX DIRECTORY arguments that are originally associated with pathnames without symlinks, and that can point to tables created at a future time at which a pathname is modified to contain a symlink to a subdirectory of the MySQL home data directory. NOTE: this vulnerability exists because of an incomplete fix for CVE-2008-4097.
MySQL before 5.0.67 allows local users to bypass certain privilege che ...
MySQL before 5.0.67 allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified (1) DATA DIRECTORY or (2) INDEX DIRECTORY arguments that are originally associated with pathnames without symlinks, and that can point to tables created at a future time at which a pathname is modified to contain a symlink to a subdirectory of the MySQL home data directory. NOTE: this vulnerability exists because of an incomplete fix for CVE-2008-4097.
4.6 Medium
CVSS2