Vulnerability-Lookup

CVE-2008-4098 (GCVE-0-2008-4098)

Vulnerability from cvelistv5 – Published: 2008-09-17 18:06 – Updated: 2024-08-07 10:00

Summary

MySQL before 5.0.67 allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified (1) DATA DIRECTORY or (2) INDEX DIRECTORY arguments that are originally associated with pathnames without symlinks, and that can point to tables created at a future time at which a pathname is modified to contain a symlink to a subdirectory of the MySQL home data directory. NOTE: this vulnerability exists because of an incomplete fix for CVE-2008-4097.

Severity ?

No CVSS data available.

CWE

Assigner

redhat

References

URL

FKIE_CVE-2008-4098

Vulnerability from fkie_nvd - Published: 2008-09-18 15:04 - Updated: 2025-04-09 00:30

Severity ?

Summary

References

URL	Tags
secalert@redhat.com	http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=480292#25	Issue Tracking, Third Party Advisory
secalert@redhat.com	http://bugs.mysql.com/bug.php?id=32167	Issue Tracking, Patch, Vendor Advisory
secalert@redhat.com	http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00001.html	Third Party Advisory
secalert@redhat.com	http://secunia.com/advisories/32578	Not Applicable
secalert@redhat.com	http://secunia.com/advisories/32759	Not Applicable
secalert@redhat.com	http://secunia.com/advisories/32769	Not Applicable
secalert@redhat.com	http://secunia.com/advisories/38517	Not Applicable
secalert@redhat.com	http://ubuntu.com/usn/usn-897-1	Third Party Advisory
secalert@redhat.com	http://www.debian.org/security/2008/dsa-1662	Third Party Advisory
secalert@redhat.com	http://www.mandriva.com/security/advisories?name=MDVSA-2009:094	Broken Link
secalert@redhat.com	http://www.openwall.com/lists/oss-security/2008/09/09/20	Mailing List, Third Party Advisory
secalert@redhat.com	http://www.openwall.com/lists/oss-security/2008/09/16/3	Mailing List, Third Party Advisory
secalert@redhat.com	http://www.redhat.com/support/errata/RHSA-2009-1067.html	Third Party Advisory
secalert@redhat.com	http://www.redhat.com/support/errata/RHSA-2010-0110.html	Third Party Advisory
secalert@redhat.com	http://www.ubuntu.com/usn/USN-1397-1
secalert@redhat.com	http://www.ubuntu.com/usn/USN-671-1	Third Party Advisory
secalert@redhat.com	https://exchange.xforce.ibmcloud.com/vulnerabilities/45649
secalert@redhat.com	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10591
af854a3a-2127-422b-91ae-364da2661108	http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=480292#25	Issue Tracking, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://bugs.mysql.com/bug.php?id=32167	Issue Tracking, Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00001.html	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/32578	Not Applicable
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/32759	Not Applicable
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/32769	Not Applicable
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/38517	Not Applicable
af854a3a-2127-422b-91ae-364da2661108	http://ubuntu.com/usn/usn-897-1	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.debian.org/security/2008/dsa-1662	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.mandriva.com/security/advisories?name=MDVSA-2009:094	Broken Link
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2008/09/09/20	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2008/09/16/3	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.redhat.com/support/errata/RHSA-2009-1067.html	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.redhat.com/support/errata/RHSA-2010-0110.html	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.ubuntu.com/usn/USN-1397-1
af854a3a-2127-422b-91ae-364da2661108	http://www.ubuntu.com/usn/USN-671-1	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/45649
af854a3a-2127-422b-91ae-364da2661108	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10591

Impacted products

Vendor	Product	Version
canonical	ubuntu_linux	6.06
canonical	ubuntu_linux	7.10
canonical	ubuntu_linux	8.04
canonical	ubuntu_linux	8.10
canonical	ubuntu_linux	9.04
canonical	ubuntu_linux	9.10
debian	debian_linux	5.0
mysql	mysql	5.0.0
mysql	mysql	5.0.1
mysql	mysql	5.0.2
mysql	mysql	5.0.3
mysql	mysql	5.0.4
mysql	mysql	5.0.5
mysql	mysql	5.0.10
mysql	mysql	5.0.15
mysql	mysql	5.0.16
mysql	mysql	5.0.17
mysql	mysql	5.0.20
mysql	mysql	5.0.24
mysql	mysql	5.0.30
mysql	mysql	5.0.36
mysql	mysql	5.0.44
mysql	mysql	5.0.54
mysql	mysql	5.0.56
mysql	mysql	5.0.60
mysql	mysql	5.0.66
oracle	mysql	5.0.23
oracle	mysql	5.0.25
oracle	mysql	5.0.26
oracle	mysql	5.0.28
oracle	mysql	5.0.30
oracle	mysql	5.0.32
oracle	mysql	5.0.34
oracle	mysql	5.0.36
oracle	mysql	5.0.38
oracle	mysql	5.0.40
oracle	mysql	5.0.41
oracle	mysql	5.0.42
oracle	mysql	5.0.44
oracle	mysql	5.0.45
oracle	mysql	5.0.46
oracle	mysql	5.0.48
oracle	mysql	5.0.50
oracle	mysql	5.0.50
oracle	mysql	5.0.51
oracle	mysql	5.0.52
oracle	mysql	5.0.56
oracle	mysql	5.0.58
oracle	mysql	5.0.60
oracle	mysql	5.0.62
oracle	mysql	5.0.64
oracle	mysql	5.0.66

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:lts:*:*:*",
              "matchCriteriaId": "5C18C3CD-969B-4AA3-AE3A-BA4A188F8BFF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:7.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "823BF8BE-2309-4F67-A5E2-EAD98F723468",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:lts:*:*:*",
              "matchCriteriaId": "C91D2DBF-6DA7-4BA2-9F29-8BD2725A4701",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:8.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "4747CC68-FAF4-482F-929A-9DA6C24CB663",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:9.04:*:*:*:*:*:*:*",
              "matchCriteriaId": "A5D026D0-EF78-438D-BEDD-FC8571F3ACEB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:9.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "A2BCB73E-27BB-4878-AD9C-90C4F20C25A0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8C757774-08E7-40AA-B532-6F705C8F7639",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mysql:mysql:5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DC198CDB-CAC0-41DD-9FCD-42536E7FE11A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mysql:mysql:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B77A2761-2B44-4061-9C29-A54F90A1AD83",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mysql:mysql:5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "5B3AD851-056F-4E57-B85B-4AC5A5A20C0C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mysql:mysql:5.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "FD24EA8C-4FCA-4F40-B2EA-7DFA49432483",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mysql:mysql:5.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "754B78F2-A03C-40BE-812B-F5E57B93D20B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mysql:mysql:5.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "575039BD-A8B6-4459-B5F0-F220A94650EA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mysql:mysql:5.0.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "542B23CB-7535-4EF7-B926-466A5161A0D4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mysql:mysql:5.0.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "45E686C3-4100-465C-9F45-068580B496E5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mysql:mysql:5.0.16:*:*:*:*:*:*:*",
              "matchCriteriaId": "6E9F09D8-6FAE-4A5B-AE04-248CD52C5FF4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mysql:mysql:5.0.17:*:*:*:*:*:*:*",
              "matchCriteriaId": "DB618DB2-6B00-4E99-8232-937D2C51986B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mysql:mysql:5.0.20:*:*:*:*:*:*:*",
              "matchCriteriaId": "665E063D-355D-4A5A-A05F-36BF582DE36F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mysql:mysql:5.0.24:*:*:*:*:*:*:*",
              "matchCriteriaId": "F4C6CD84-EA5D-451F-AFC3-5F7094F0017D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mysql:mysql:5.0.30:*:*:*:*:*:*:*",
              "matchCriteriaId": "BEF9271A-A816-44F6-A811-ECC1FB0993C5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mysql:mysql:5.0.36:*:*:*:*:*:*:*",
              "matchCriteriaId": "F482D3D3-205C-495E-AF3A-E9C3018111F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mysql:mysql:5.0.44:*:*:*:*:*:*:*",
              "matchCriteriaId": "53853D65-F2C6-410F-9CF8-DED19B66BD4E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mysql:mysql:5.0.54:*:*:*:*:*:*:*",
              "matchCriteriaId": "D927706B-565F-4152-8F86-AC85F1AA469F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mysql:mysql:5.0.56:*:*:*:*:*:*:*",
              "matchCriteriaId": "8C0291F7-27D9-4634-9DD3-21827C1CC5ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mysql:mysql:5.0.60:*:*:*:*:*:*:*",
              "matchCriteriaId": "35D54A38-E7A0-4B89-BBA5-D98D4D7FF3DA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mysql:mysql:5.0.66:*:*:*:*:*:*:*",
              "matchCriteriaId": "1A7AFEB8-711B-4DED-A24E-38012F415FC2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql:5.0.23:*:*:*:*:*:*:*",
              "matchCriteriaId": "AA586E2B-A349-47C8-A17C-DA9016C6C3B5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql:5.0.25:*:*:*:*:*:*:*",
              "matchCriteriaId": "C30CA14C-AE28-4D9A-B53D-B7C28D3BA56B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql:5.0.26:*:*:*:*:*:*:*",
              "matchCriteriaId": "811780EA-8805-41A6-A920-A201CCC80790",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql:5.0.28:*:*:*:*:*:*:*",
              "matchCriteriaId": "FB92A552-079E-4A5E-B65E-8A6C956FC7DA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql:5.0.30:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "A7753CE5-61C4-4FBC-BB60-F7D4493E76E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql:5.0.32:*:*:*:*:*:*:*",
              "matchCriteriaId": "7EDC2EB4-2C8D-4EF7-83A6-CBE6FF759DD0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql:5.0.34:*:*:*:*:*:*:*",
              "matchCriteriaId": "9A5CD839-1C18-44F2-836F-97B85572D491",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql:5.0.36:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "4BA355E8-593E-470C-B565-60CD51B14C3C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql:5.0.38:*:*:*:*:*:*:*",
              "matchCriteriaId": "B54F660F-AE43-4F3B-8935-5712CAE860A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql:5.0.40:*:*:*:*:*:*:*",
              "matchCriteriaId": "7AF30535-45D3-4845-8B7C-16F7B6D05F63",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql:5.0.41:*:*:*:*:*:*:*",
              "matchCriteriaId": "4413BB52-6FBD-4C12-8864-ADDC65E45B25",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql:5.0.42:*:*:*:*:*:*:*",
              "matchCriteriaId": "8B49F9BA-560B-40AE-9457-436830CDD371",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql:5.0.44:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "87BAAF59-A8F5-46AB-9CAC-E0F76B47D942",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql:5.0.45:*:*:*:*:*:*:*",
              "matchCriteriaId": "F53A8437-C61A-4203-B341-B5596569E50B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql:5.0.46:*:*:*:*:*:*:*",
              "matchCriteriaId": "60540719-8329-47E4-820F-8B4E4AA55AF1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql:5.0.48:*:*:*:*:*:*:*",
              "matchCriteriaId": "7147148B-BD26-4280-9B3F-1B27551E0CAF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql:5.0.50:*:*:*:*:*:*:*",
              "matchCriteriaId": "A1435669-9BDA-40D4-BB30-C8AE1C3E7649",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql:5.0.50:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "DC81D22D-72FE-4FEC-8277-A994B184B91C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql:5.0.51:*:*:*:*:*:*:*",
              "matchCriteriaId": "A8EBAE3C-F24D-4935-96BF-9541EC03B8F5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql:5.0.52:*:*:*:*:*:*:*",
              "matchCriteriaId": "EA95EE27-389A-4068-AAC1-AD64DD6BB006",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql:5.0.56:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "B15A96B9-3982-49DF-A836-1DBC3FD29EF5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql:5.0.58:*:*:*:*:*:*:*",
              "matchCriteriaId": "A02DEBB1-65A5-4422-8B75-E8C86EA0B947",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql:5.0.60:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "56225075-5A65-409E-AFC9-CACA381EAC29",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql:5.0.62:*:*:*:*:*:*:*",
              "matchCriteriaId": "AFB11E34-4045-4ACA-AD7D-48B70D13CD92",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql:5.0.64:*:*:*:*:*:*:*",
              "matchCriteriaId": "6D2FC440-4D06-4CE2-BE20-A46EB196182F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql:5.0.66:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "455E364E-5010-47D9-8F09-58FE4B15615B",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "MySQL before 5.0.67 allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified (1) DATA DIRECTORY or (2) INDEX DIRECTORY arguments that are originally associated with pathnames without symlinks, and that can point to tables created at a future time at which a pathname is modified to contain a symlink to a subdirectory of the MySQL home data directory. NOTE: this vulnerability exists because of an incomplete fix for CVE-2008-4097."
    },
    {
      "lang": "es",
      "value": "MySQL anterior a 5.0.67, permite a usuarios locales evitar determinadas comprobaciones de privilegios haciendo una llamada CREATE TABLE en una tabla MyISAM que modifica los argumentos (1) DATA DIRECTORY o (2) INDEX DIRECTORY que est\u00e1n asociados originalmente con los nombres de ruta (pathname) sin enlaces simb\u00f3licos, y que pueden apuntar a tablas creadas despu\u00e9s de que un nombre de ruta sea modificado para tener un enlace simb\u00f3lico a un subdirectorio del directorio de datos inicial de MySQL. NOTA: esta vulnerabilidad es debida a que no se solucion\u00f3 completamente la vulnerabilidad CVE-2008-4097."
    }
  ],
  "id": "CVE-2008-4098",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "HIGH",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 4.6,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:H/Au:S/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": true,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2008-09-18T15:04:27.407",
  "references": [
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Issue Tracking",
        "Third Party Advisory"
      ],
      "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=480292#25"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://bugs.mysql.com/bug.php?id=32167"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00001.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Not Applicable"
      ],
      "url": "http://secunia.com/advisories/32578"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Not Applicable"
      ],
      "url": "http://secunia.com/advisories/32759"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Not Applicable"
      ],
      "url": "http://secunia.com/advisories/32769"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Not Applicable"
      ],
      "url": "http://secunia.com/advisories/38517"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://ubuntu.com/usn/usn-897-1"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.debian.org/security/2008/dsa-1662"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:094"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2008/09/09/20"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2008/09/16/3"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.redhat.com/support/errata/RHSA-2009-1067.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.redhat.com/support/errata/RHSA-2010-0110.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.ubuntu.com/usn/USN-1397-1"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.ubuntu.com/usn/USN-671-1"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45649"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10591"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Third Party Advisory"
      ],
      "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=480292#25"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://bugs.mysql.com/bug.php?id=32167"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00001.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Not Applicable"
      ],
      "url": "http://secunia.com/advisories/32578"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Not Applicable"
      ],
      "url": "http://secunia.com/advisories/32759"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Not Applicable"
      ],
      "url": "http://secunia.com/advisories/32769"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Not Applicable"
      ],
      "url": "http://secunia.com/advisories/38517"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://ubuntu.com/usn/usn-897-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.debian.org/security/2008/dsa-1662"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:094"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2008/09/09/20"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2008/09/16/3"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.redhat.com/support/errata/RHSA-2009-1067.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.redhat.com/support/errata/RHSA-2010-0110.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.ubuntu.com/usn/USN-1397-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.ubuntu.com/usn/USN-671-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45649"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10591"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vendorComments": [
    {
      "comment": "This issue was addressed in Red Hat Enterprise Linux 4 via https://rhn.redhat.com/errata/RHSA-2010-0110.html and in Red Hat Application Stack v2 via https://rhn.redhat.com/errata/RHSA-2009-1067.html .\n\nIn Red Hat Enterprise Linux 5, issue CVE-2008-2079 was fixed without introducing CVE-2008-4098 in https://rhn.redhat.com/errata/RHSA-2009-1289.html .",
      "lastModified": "2010-02-17T00:00:00",
      "organization": "Red Hat"
    }
  ],
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-59"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GHSA-CWR2-C5MC-RXV6

Vulnerability from github – Published: 2022-05-02 00:06 – Updated: 2022-05-02 00:06

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2008-4098"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-59"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2008-09-18T15:04:00Z",
    "severity": "MODERATE"
  },
  "details": "MySQL before 5.0.67 allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified (1) DATA DIRECTORY or (2) INDEX DIRECTORY arguments that are originally associated with pathnames without symlinks, and that can point to tables created at a future time at which a pathname is modified to contain a symlink to a subdirectory of the MySQL home data directory. NOTE: this vulnerability exists because of an incomplete fix for CVE-2008-4097.",
  "id": "GHSA-cwr2-c5mc-rxv6",
  "modified": "2022-05-02T00:06:48Z",
  "published": "2022-05-02T00:06:48Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-4098"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45649"
    },
    {
      "type": "WEB",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10591"
    },
    {
      "type": "WEB",
      "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=480292#25"
    },
    {
      "type": "WEB",
      "url": "http://bugs.mysql.com/bug.php?id=32167"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00001.html"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/32578"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/32759"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/32769"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/38517"
    },
    {
      "type": "WEB",
      "url": "http://ubuntu.com/usn/usn-897-1"
    },
    {
      "type": "WEB",
      "url": "http://www.debian.org/security/2008/dsa-1662"
    },
    {
      "type": "WEB",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:094"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2008/09/09/20"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2008/09/16/3"
    },
    {
      "type": "WEB",
      "url": "http://www.redhat.com/support/errata/RHSA-2009-1067.html"
    },
    {
      "type": "WEB",
      "url": "http://www.redhat.com/support/errata/RHSA-2010-0110.html"
    },
    {
      "type": "WEB",
      "url": "http://www.ubuntu.com/usn/USN-1397-1"
    },
    {
      "type": "WEB",
      "url": "http://www.ubuntu.com/usn/USN-671-1"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

CERTA-2013-AVI-543

Vulnerability from certfr_avis - Published: 2013-09-25 - Updated: 2013-09-25

De multiples vulnérabilités ont été corrigées dans Oracle Solaris. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	Oracle	N/A	Oracle Solaris 11.1
	Oracle	N/A	Oracle Solaris 10

References

Title

Publication Time

GSD-2008-4098

Vulnerability from gsd - Updated: 2023-12-13 01:23

Details

Aliases

CVE-2008-4098

Aliases

CVE-2008-4098

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2008-4098",
    "description": "MySQL before 5.0.67 allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified (1) DATA DIRECTORY or (2) INDEX DIRECTORY arguments that are originally associated with pathnames without symlinks, and that can point to tables created at a future time at which a pathname is modified to contain a symlink to a subdirectory of the MySQL home data directory. NOTE: this vulnerability exists because of an incomplete fix for CVE-2008-4097.",
    "id": "GSD-2008-4098",
    "references": [
      "https://www.suse.com/security/cve/CVE-2008-4098.html",
      "https://www.debian.org/security/2008/dsa-1662",
      "https://access.redhat.com/errata/RHSA-2010:0110",
      "https://access.redhat.com/errata/RHSA-2009:1067",
      "https://linux.oracle.com/cve/CVE-2008-4098.html"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2008-4098"
      ],
      "details": "MySQL before 5.0.67 allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified (1) DATA DIRECTORY or (2) INDEX DIRECTORY arguments that are originally associated with pathnames without symlinks, and that can point to tables created at a future time at which a pathname is modified to contain a symlink to a subdirectory of the MySQL home data directory. NOTE: this vulnerability exists because of an incomplete fix for CVE-2008-4097.",
      "id": "GSD-2008-4098",
      "modified": "2023-12-13T01:23:00.304444Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "secalert@redhat.com",
        "ID": "CVE-2008-4098",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "=",
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "MySQL before 5.0.67 allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified (1) DATA DIRECTORY or (2) INDEX DIRECTORY arguments that are originally associated with pathnames without symlinks, and that can point to tables created at a future time at which a pathname is modified to contain a symlink to a subdirectory of the MySQL home data directory. NOTE: this vulnerability exists because of an incomplete fix for CVE-2008-4097."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=480292#25",
            "refsource": "MISC",
            "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=480292#25"
          },
          {
            "name": "http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00001.html",
            "refsource": "MISC",
            "url": "http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00001.html"
          },
          {
            "name": "http://secunia.com/advisories/32759",
            "refsource": "MISC",
            "url": "http://secunia.com/advisories/32759"
          },
          {
            "name": "http://secunia.com/advisories/32769",
            "refsource": "MISC",
            "url": "http://secunia.com/advisories/32769"
          },
          {
            "name": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:094",
            "refsource": "MISC",
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:094"
          },
          {
            "name": "http://www.openwall.com/lists/oss-security/2008/09/09/20",
            "refsource": "MISC",
            "url": "http://www.openwall.com/lists/oss-security/2008/09/09/20"
          },
          {
            "name": "http://www.openwall.com/lists/oss-security/2008/09/16/3",
            "refsource": "MISC",
            "url": "http://www.openwall.com/lists/oss-security/2008/09/16/3"
          },
          {
            "name": "http://www.ubuntu.com/usn/USN-671-1",
            "refsource": "MISC",
            "url": "http://www.ubuntu.com/usn/USN-671-1"
          },
          {
            "name": "http://secunia.com/advisories/38517",
            "refsource": "MISC",
            "url": "http://secunia.com/advisories/38517"
          },
          {
            "name": "http://ubuntu.com/usn/usn-897-1",
            "refsource": "MISC",
            "url": "http://ubuntu.com/usn/usn-897-1"
          },
          {
            "name": "http://www.ubuntu.com/usn/USN-1397-1",
            "refsource": "MISC",
            "url": "http://www.ubuntu.com/usn/USN-1397-1"
          },
          {
            "name": "http://bugs.mysql.com/bug.php?id=32167",
            "refsource": "MISC",
            "url": "http://bugs.mysql.com/bug.php?id=32167"
          },
          {
            "name": "http://secunia.com/advisories/32578",
            "refsource": "MISC",
            "url": "http://secunia.com/advisories/32578"
          },
          {
            "name": "http://www.debian.org/security/2008/dsa-1662",
            "refsource": "MISC",
            "url": "http://www.debian.org/security/2008/dsa-1662"
          },
          {
            "name": "http://www.redhat.com/support/errata/RHSA-2009-1067.html",
            "refsource": "MISC",
            "url": "http://www.redhat.com/support/errata/RHSA-2009-1067.html"
          },
          {
            "name": "http://www.redhat.com/support/errata/RHSA-2010-0110.html",
            "refsource": "MISC",
            "url": "http://www.redhat.com/support/errata/RHSA-2010-0110.html"
          },
          {
            "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45649",
            "refsource": "MISC",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45649"
          },
          {
            "name": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10591",
            "refsource": "MISC",
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10591"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:9.04:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:8.10:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:lts:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:lts:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:7.10:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:9.10:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:debian:debian_linux:5.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:mysql:mysql:5.0.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mysql:mysql:5.0.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mysql:mysql:5.0.20:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:mysql:5.0.26:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:mysql:5.0.28:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:mysql:5.0.36:sp1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:mysql:5.0.45:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:mysql:5.0.46:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:mysql:5.0.52:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mysql:mysql:5.0.54:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mysql:mysql:5.0.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mysql:mysql:5.0.15:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mysql:mysql:5.0.30:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:mysql:5.0.30:sp1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mysql:mysql:5.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mysql:mysql:5.0.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mysql:mysql:5.0.10:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:mysql:5.0.25:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:mysql:5.0.34:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mysql:mysql:5.0.36:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mysql:mysql:5.0.44:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:mysql:5.0.44:sp1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:mysql:5.0.51:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:mysql:5.0.60:sp1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:mysql:5.0.62:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:mysql:5.0.38:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:mysql:5.0.40:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:mysql:5.0.48:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:mysql:5.0.50:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mysql:mysql:5.0.56:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:mysql:5.0.56:sp1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:mysql:5.0.66:sp1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mysql:mysql:5.0.66:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mysql:mysql:5.0.54:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:mysql:5.0.64:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mysql:mysql:5.0.66:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mysql:mysql:5.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mysql:mysql:5.0.16:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mysql:mysql:5.0.17:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:mysql:5.0.23:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mysql:mysql:5.0.24:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:mysql:5.0.32:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:mysql:5.0.41:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:mysql:5.0.42:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:mysql:5.0.50:sp1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:mysql:5.0.51:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:mysql:5.0.58:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mysql:mysql:5.0.60:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2008-4098"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "MySQL before 5.0.67 allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified (1) DATA DIRECTORY or (2) INDEX DIRECTORY arguments that are originally associated with pathnames without symlinks, and that can point to tables created at a future time at which a pathname is modified to contain a symlink to a subdirectory of the MySQL home data directory. NOTE: this vulnerability exists because of an incomplete fix for CVE-2008-4097."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-59"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "[oss-security] 20080916 Re: CVE request: MySQL incomplete fix for CVE-2008-2079",
              "refsource": "MLIST",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2008/09/16/3"
            },
            {
              "name": "[oss-security] 20080909 Re: CVE request: MySQL incomplete fix for CVE-2008-2079",
              "refsource": "MLIST",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2008/09/09/20"
            },
            {
              "name": "http://bugs.mysql.com/bug.php?id=32167",
              "refsource": "CONFIRM",
              "tags": [
                "Patch",
                "Issue Tracking",
                "Vendor Advisory"
              ],
              "url": "http://bugs.mysql.com/bug.php?id=32167"
            },
            {
              "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=480292#25",
              "refsource": "MISC",
              "tags": [
                "Issue Tracking",
                "Third Party Advisory"
              ],
              "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=480292#25"
            },
            {
              "name": "32759",
              "refsource": "SECUNIA",
              "tags": [
                "Not Applicable"
              ],
              "url": "http://secunia.com/advisories/32759"
            },
            {
              "name": "SUSE-SR:2008:025",
              "refsource": "SUSE",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00001.html"
            },
            {
              "name": "MDVSA-2009:094",
              "refsource": "MANDRIVA",
              "tags": [
                "Broken Link"
              ],
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:094"
            },
            {
              "name": "RHSA-2009:1067",
              "refsource": "REDHAT",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "http://www.redhat.com/support/errata/RHSA-2009-1067.html"
            },
            {
              "name": "RHSA-2010:0110",
              "refsource": "REDHAT",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "http://www.redhat.com/support/errata/RHSA-2010-0110.html"
            },
            {
              "name": "38517",
              "refsource": "SECUNIA",
              "tags": [
                "Not Applicable"
              ],
              "url": "http://secunia.com/advisories/38517"
            },
            {
              "name": "USN-897-1",
              "refsource": "UBUNTU",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "http://ubuntu.com/usn/usn-897-1"
            },
            {
              "name": "DSA-1662",
              "refsource": "DEBIAN",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "http://www.debian.org/security/2008/dsa-1662"
            },
            {
              "name": "32578",
              "refsource": "SECUNIA",
              "tags": [
                "Not Applicable"
              ],
              "url": "http://secunia.com/advisories/32578"
            },
            {
              "name": "USN-671-1",
              "refsource": "UBUNTU",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "http://www.ubuntu.com/usn/USN-671-1"
            },
            {
              "name": "32769",
              "refsource": "SECUNIA",
              "tags": [
                "Not Applicable"
              ],
              "url": "http://secunia.com/advisories/32769"
            },
            {
              "name": "mysql-myisam-symlink-security-bypass(45649)",
              "refsource": "XF",
              "tags": [],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45649"
            },
            {
              "name": "oval:org.mitre.oval:def:10591",
              "refsource": "OVAL",
              "tags": [],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10591"
            },
            {
              "name": "USN-1397-1",
              "refsource": "UBUNTU",
              "tags": [],
              "url": "http://www.ubuntu.com/usn/USN-1397-1"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "HIGH",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 4.6,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:H/Au:S/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": true,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2019-12-17T20:26Z",
      "publishedDate": "2008-09-18T15:04Z"
    }
  }
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2008-4098 (GCVE-0-2008-4098)

FKIE_CVE-2008-4098

GHSA-CWR2-C5MC-RXV6

CERTA-2013-AVI-543

Solution

GSD-2008-4098

Tags

Sightings

Nomenclature