MySQL privilege escalation updated since 22.07.2008
Published:		10.11.2008
Source:		CVE
SecurityVulns ID:		9164
Type:		local
Level:		5/10
Description:		It's possible to specify file of different database in CREATE TABLE.

Affected:		MYSQL : MySQL 4.1
		MYSQL : MySQL 5.0
		MYSQL : MySQL 5.1
		MYSQL : MySQL 6.0
CVE:		CVE-2008-4098 (MySQL before 5.0.67 allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified (1) DATA DIRECTORY or (2) INDEX DIRECTORY arguments that are originally associated with pathnames without symlinks, and that can point to tables created at a future time at which a pathname is modified to contain a symlink to a subdirectory of the MySQL home data directory. NOTE: this vulnerability exists because of an incomplete fix for CVE-2008-4097.)
		CVE-2008-4097 (MySQL 5.0.51a allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified (1) DATA DIRECTORY or (2) INDEX DIRECTORY arguments that are associated with symlinks within pathnames for subdirectories of the MySQL home data directory, which are followed when tables are created in the future. NOTE: this vulnerability exists because of an incomplete fix for CVE-2008-2079.)
		CVE-2008-2079 (MySQL 4.1.x before 4.1.24, 5.0.x before 5.0.60, 5.1.x before 5.1.24, and 6.0.x before 6.0.5 allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified (1) DATA DIRECTORY or (2) INDEX DIRECTORY arguments that are within the MySQL home data directory, which can point to tables that are created in the future.)

Original document

DEBIAN, [SECURITY] [DSA 1662-1] New mysql-dfsg-5.0 packages fix authorization bypass (10.11.2008)

Discuss:

Read or add your comments to this news (0 comments)