FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

mysql -- MyISAM table privileges security bypass vulnerability for symlinked paths

Affected packages
4.1 <= mysql-server < 4.1.25
5.0 <= mysql-server < 5.0.75
5.1 <= mysql-server < 5.1.28
6.0 <= mysql-server < 6.0.6

Details

VuXML ID 738f8f9e-d661-11dd-a765-0030843d3802
Discovery 2008-07-03
Entry 2008-12-30

MySQL Team reports:

Additional corrections were made for the symlink-related privilege problem originally addressed. The original fix did not correctly handle the data directory pathname if it contained symlinked directories in its path, and the check was made only at table-creation time, not at table-opening time later.

References

CVE Name CVE-2008-2079
CVE Name CVE-2008-4097
CVE Name CVE-2008-4098
URL http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=480292#25
URL http://bugs.mysql.com/bug.php?id=32167
URL http://dev.mysql.com/doc/refman/4.1/en/news-4-1-25.html
URL http://dev.mysql.com/doc/refman/5.0/en/releasenotes-cs-5-0-75.html
URL http://dev.mysql.com/doc/refman/5.1/en/news-5-1-28.html
URL http://dev.mysql.com/doc/refman/6.0/en/news-6-0-6.html