Vulnonym.org

CVE-2008-2079 - Molten Designations

Description

MySQL 4.1.x before 4.1.24 5.0.x before 5.0.60 5.1.x before 5.1.24 and 6.0.x before 6.0.5 allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified (1) DATA DIRECTORY or (2) INDEX DIRECTORY arguments that are within the MySQL home data directory which can point to tables that are created in the future.

Reference

http://bugs.mysql.com/bug.php?id=32167 http://dev.mysql.com/doc/refman/4.1/en/news-4-1-24.html http://dev.mysql.com/doc/refman/5.0/en/releasenotes-es-5-0-60.html http://dev.mysql.com/doc/refman/5.1/en/news-5-1-24.html http://dev.mysql.com/doc/refman/6.0/en/news-6-0-5.html http://www.securityfocus.com/bid/29106 http://www.securitytracker.com/id?1019995 http://secunia.com/advisories/30134 http://www.redhat.com/support/errata/RHSA-2008-0510.html http://secunia.com/advisories/31226 http://www.debian.org/security/2008/dsa-1608 http://www.mandriva.com/security/advisories?name=MDVSA-2008:150 http://www.mandriva.com/security/advisories?name=MDVSA-2008:149 http://www.redhat.com/support/errata/RHSA-2008-0505.html http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html http://secunia.com/advisories/31066 http://secunia.com/advisories/31687 http://www.securityfocus.com/bid/31681 http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html http://support.apple.com/kb/HT3216 http://secunia.com/advisories/32222 http://www.redhat.com/support/errata/RHSA-2008-0768.html http://lists.apple.com/archives/security-announce/2009/Sep/msg00004.html http://secunia.com/advisories/36701 http://support.apple.com/kb/HT3865 http://www.vupen.com/english/advisories/2008/1472/references http://www.vupen.com/english/advisories/2008/2780 http://www.ubuntu.com/usn/USN-671-1 http://secunia.com/advisories/32769 http://www.redhat.com/support/errata/RHSA-2009-1289.html http://secunia.com/advisories/36566 https://exchange.xforce.ibmcloud.com/vulnerabilities/42267 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10133