CVE-2008-4097 — Vulnetix

CVE-2008-4097 PUBLISHED CVSS 4.599999904632568 MEDIUM

MySQL 5.0.51a allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified (1) DATA DIRECTORY or (2) INDEX DIRECTORY arguments that are associated with symlinks within pathnames for subdirectories of the MySQL home data directory, which are followed when tables are created in the future. NOTE: this vulnerability exists because of an incomplete fix for CVE-2008-2079.

EPSS 0.72% · 72.9th percentile

Risk Scores

CVSS 2.0

4.599999904632568

EPSS Score

0.72%

72.9th percentile

Affected Products

Vendor	Product	Versions
oracle	mysql	5.0.51a
n/a	n/a	*

Exploit Intelligence

MDVSA-2009:094 (circl)
USN-671-1 (circl)
32769 (circl)
[oss-security] 20080909 Re: CVE request: MySQL incomplete fix for CVE-2008-2079 (circl)
mysql-myisam-symlinks-security-bypass(45648) (circl)
[oss-security] 20080916 Re: CVE request: MySQL incomplete fix for CVE-2008-2079 (circl)
32759 (circl)
SUSE-SR:2008:025 (circl)
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=480292#25 (circl)

Timeline

Sep 17, 2008 CVE Published
Feb 4, 2022 EPSS Score
Mar 29, 2022 EPSS Score
May 2, 2022 CVE Updated
May 20, 2022 EPSS Score
Jul 12, 2022 EPSS Score
Sep 4, 2022 EPSS Score
Oct 26, 2022 EPSS Score
Dec 18, 2022 EPSS Score
Feb 9, 2023 EPSS Score
Apr 3, 2023 EPSS Score
May 25, 2023 EPSS Score

References

MDVSA-2009:094 vendor-advisory
USN-671-1 vendor-advisory
32769 third-party-advisory
[oss-security] 20080909 Re: CVE request: MySQL incomplete fix for CVE-2008-2079 mailing-list
mysql-myisam-symlinks-security-bypass(45648) vdb
[oss-security] 20080916 Re: CVE request: MySQL incomplete fix for CVE-2008-2079 mailing-list
32759 third-party-advisory
SUSE-SR:2008:025 vendor-advisory
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=480292#25 url
https://nvd.nist.gov/vuln/detail/CVE-2008-4097 advisory

Open in Interactive Console →