Computer Security

MySQL privilege escalation
back  news / advisories / forum / software / advertising / search / exploits  forward
[EN] securityvulns.ru
no-pyccku



MySQL privilege escalation
Published:22.07.2008
Source:CVE
SecurityVulns ID:9164
Type:local
Level:5/10
Description:It's possible to specify file of different database in CREATE TABLE.
Affected:MYSQL : MySQL 4.1
 MYSQL : MySQL 5.0
 MYSQL : MySQL 5.1
 MYSQL : MySQL 6.0
CVE:CVE-2008-2079 (MySQL 4.1.x before 4.1.24, 5.0.x before 5.0.60, 5.1.x before 5.1.24, and 6.0.x before 6.0.5 allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified (1) DATA DIRECTORY or (2) INDEX DIRECTORY arguments that are within the MySQL home data directory, which can point to tables that are created in the future.)
Discuss:Read or add your comments to this news (0 comments)
About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
 


Рейтинг@Mail.ru