Rapid7 Vulnerability & Exploit Database

SUSE-SR:2008:017:vuln13: MySQL security problems

Free InsightVM Trial No credit card necessary

Watch Demo See how it all works

Back to Search

SUSE-SR:2008:017:vuln13: MySQL security problems

Severity

CVSS

(AV:N/AC:H/Au:S/C:P/I:P/A:P)

Published

08/29/2008

Created

07/25/2018

Added

09/09/2008

Modified

11/18/2015

Description

MySQL 4.1.x before 4.1.24, 5.0.x before 5.0.60, 5.1.x before 5.1.24, and 6.0.x before 6.0.5 allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified (1) DATA DIRECTORY or (2) INDEX DIRECTORY arguments that are within the MySQL home data directory, which can point to tables that are created in the future.

Solution(s)

References

https://attackerkb.com/topics/cve-2008-2079
APPLE-SA-2008-10-09
APPLE-SA-2009-09-10-2
29106
31681
CVE - 2008-2079
DSA-1608
OVAL10133
RHSA-2008:0505
RHSA-2008:0510
RHSA-2008:0768
RHSA-2009:1289
http://bugs.mysql.com/bug.php?id=32167
http://dev.mysql.com/doc/refman/4.1/en/news-4-1-24.html
http://dev.mysql.com/doc/refman/5.0/en/releasenotes-es-5-0-60.html
http://dev.mysql.com/doc/refman/5.1/en/news-5-1-24.html
http://dev.mysql.com/doc/refman/6.0/en/news-6-0-5.html
http://www.frsirt.com/english/advisories/2008/1472/references
http://www.novell.com/linux/security/advisories/2008_17_sr.html
42267

Advanced vulnerability management analytics and reporting.

Key Features

Free InsightVM Trial View All Features

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;