CVE-2008-7247

MySQL <6.0.9-alpha - Privilege Escalation

Title source: llm
STIX 2.1

Description

sql/sql_table.cc in MySQL 5.0.x through 5.0.88, 5.1.x through 5.1.41, and 6.0 before 6.0.9-alpha, when the data home directory contains a symlink to a different filesystem, allows remote authenticated users to bypass intended access restrictions by calling CREATE TABLE with a (1) DATA DIRECTORY or (2) INDEX DIRECTORY argument referring to a subdirectory that requires following this symlink.

References (14)

Core 14
Core References
Vendor Advisory vendor-advisory x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-1397-1
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/38517
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2010/1107
Various Sources vendor-advisory x_refsource_ubuntu
http://ubuntu.com/usn/usn-897-1
Exploit x_refsource_confirm
http://bugs.mysql.com/bug.php?id=39277
Mailing List vendor-advisory x_refsource_apple
http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html
Vendor Advisory x_refsource_confirm
http://support.apple.com/kb/HT4077
Mailing List mailing-list x_refsource_mlist
http://marc.info/?l=oss-security&m=125908040022018&w=2
Issue Tracking x_refsource_misc
https://bugzilla.redhat.com/show_bug.cgi?id=543619
Vendor Advisory vendor-advisory x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDVSA-2010:044
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/38043
Exploit mailing-list x_refsource_mlist
http://lists.mysql.com/commits/59711

Scores

EPSS 0.0177
EPSS Percentile 75.2%

Details

CWE
CWE-59
Status published
Products (50)
mysql/mysql 5.0.0
mysql/mysql 5.0.1
mysql/mysql 5.0.2
mysql/mysql 5.0.3
mysql/mysql 5.0.4
mysql/mysql 5.0.5
mysql/mysql 5.0.5.0.21
mysql/mysql 5.0.10
mysql/mysql 5.0.15
mysql/mysql 5.0.16
... and 40 more
Published Nov 30, 2009
Tracked Since Feb 18, 2026