FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2008-2079

This CVE name corresponds to:

Entered	Topic
2008-12-30	mysql -- MyISAM table privileges security bypass vulnerability for symlinked paths
2008-09-10	mysql -- MyISAM table privileges security bypass vulnerability

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

CVE-2008-2079 at cve.mitre.org

Details

Type	Candidate
Name	CVE-2008-2079
Phase	Assigned(20080505)

Description

MySQL 4.1.x before 4.1.24, 5.0.x before 5.0.60, 5.1.x before 5.1.24, and 6.0.x before 6.0.5 allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified (1) DATA DIRECTORY or (2) INDEX DIRECTORY arguments that are within the MySQL home data directory, which can point to tables that are created in the future.

References

Source	Reference
CONFIRM	http://bugs.mysql.com/bug.php?id=32167
CONFIRM	http://dev.mysql.com/doc/refman/4.1/en/news-4-1-24.html
CONFIRM	http://dev.mysql.com/doc/refman/5.0/en/releasenotes-es-5-0-60.html
CONFIRM	http://dev.mysql.com/doc/refman/5.1/en/news-5-1-24.html
CONFIRM	http://dev.mysql.com/doc/refman/6.0/en/news-6-0-5.html
CONFIRM	http://support.apple.com/kb/HT3216
CONFIRM	http://support.apple.com/kb/HT3865
APPLE	APPLE-SA-2008-10-09
APPLE	APPLE-SA-2009-09-10-2
DEBIAN	DSA-1608
MANDRIVA	MDVSA-2008:149
MANDRIVA	MDVSA-2008:150
REDHAT	RHSA-2008:0505
REDHAT	RHSA-2008:0510
REDHAT	RHSA-2008:0768
REDHAT	RHSA-2009:1289
SUSE	SUSE-SR:2008:017
UBUNTU	USN-671-1
BID	29106
BID	31681
OVAL	oval:org.mitre.oval:def:10133
SECUNIA	36701
SECUNIA	32769
SECUNIA	36566
VUPEN	ADV-2008-1472
VUPEN	ADV-2008-2780
SECTRACK	1019995
SECUNIA	30134
SECUNIA	31066
SECUNIA	31226
SECUNIA	31687
SECUNIA	32222
XF	mysql-myisam-security-bypass(42267)