Vulnerability & Exploit Database

Back to search

FreeBSD: mysql -- MyISAM table privileges security bypass vulnerability for symlinked paths (Multiple CVEs)

Severity CVSS Published Added Modified
5 (AV:N/AC:H/Au:S/C:P/I:P/A:P) September 18, 2008 May 08, 2014 February 13, 2015


MySQL before 5.0.67 allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified (1) DATA DIRECTORY or (2) INDEX DIRECTORY arguments that are originally associated with pathnames without symlinks, and that can point to tables created at a future time at which a pathname is modified to contain a symlink to a subdirectory of the MySQL home data directory. NOTE: this vulnerability exists because of an incomplete fix for CVE-2008-4097.

Free Nexpose Download

Discover, prioritize, and remediate security risks today!

 Download now




Related Vulnerabilities