CVE-2008-4098

Canonical Ubuntu Linux - Symlink Following

Title source: rule

Description

MySQL before 5.0.67 allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified (1) DATA DIRECTORY or (2) INDEX DIRECTORY arguments that are originally associated with pathnames without symlinks, and that can point to tables created at a future time at which a pathname is modified to contain a symlink to a subdirectory of the MySQL home data directory. NOTE: this vulnerability exists because of an incomplete fix for CVE-2008-4097.

References (18)

Core 18

Core References

Broken Link vendor-advisory x_refsource_mandriva

http://www.mandriva.com/security/advisories?name=MDVSA-2009:094

Vendor Advisory vendor-advisory x_refsource_ubuntu

http://www.ubuntu.com/usn/USN-1397-1

Third Party Advisory vendor-advisory x_refsource_redhat

http://www.redhat.com/support/errata/RHSA-2009-1067.html

Issue Tracking, Third Party Advisory x_refsource_misc

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=480292#25

Third Party Advisory vendor-advisory x_refsource_ubuntu

http://www.ubuntu.com/usn/USN-671-1

Not Applicable third-party-advisory x_refsource_secunia

http://secunia.com/advisories/38517

Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10591

Third Party Advisory vendor-advisory x_refsource_ubuntu

http://ubuntu.com/usn/usn-897-1

Not Applicable third-party-advisory x_refsource_secunia

http://secunia.com/advisories/32769

Mailing List, Third Party Advisory mailing-list x_refsource_mlist

http://www.openwall.com/lists/oss-security/2008/09/09/20

Mailing List, Third Party Advisory mailing-list x_refsource_mlist

http://www.openwall.com/lists/oss-security/2008/09/16/3

Not Applicable third-party-advisory x_refsource_secunia

http://secunia.com/advisories/32759

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/45649

Third Party Advisory vendor-advisory x_refsource_debian

http://www.debian.org/security/2008/dsa-1662

Third Party Advisory vendor-advisory x_refsource_redhat

http://www.redhat.com/support/errata/RHSA-2010-0110.html

Issue Tracking, Patch, Vendor Advisory x_refsource_confirm

http://bugs.mysql.com/bug.php?id=32167

Third Party Advisory vendor-advisory x_refsource_suse

http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00001.html

Not Applicable third-party-advisory x_refsource_secunia

http://secunia.com/advisories/32578

Scores

EPSS 0.0162

EPSS Percentile 73.0%

Details

CWE

CWE-59

Status published

Products (49)

canonical/ubuntu_linux 6.06

canonical/ubuntu_linux 7.10

canonical/ubuntu_linux 8.04

canonical/ubuntu_linux 8.10

canonical/ubuntu_linux 9.04

canonical/ubuntu_linux 9.10

debian/debian_linux 5.0

mysql/mysql 5.0.0

mysql/mysql 5.0.1

mysql/mysql 5.0.2

... and 39 more

Published Sep 18, 2008

Tracked Since Feb 18, 2026