CVE-2008-4097 — Vulnetix

Try Vulnetix Request Demo

CVE-2008-4097 PUBLISHED CVSS 4.599999904632568 MEDIUM

MySQL 5.0.51a allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified (1) DATA DIRECTORY or (2) INDEX DIRECTORY arguments that are associated with symlinks within pathnames for subdirectories of the MySQL home data directory, which are followed when tables are created in the future. NOTE: this vulnerability exists because of an incomplete fix for CVE-2008-2079.

EPSS 0.72% · 72.3th percentile

Risk Scores

CVSS v2.0

4.599999904632568

EPSS Score

0.72%

72.3th percentile

Affected Products

Vendor	Product	Versions
oracle	mysql	5.0.51a
n/a	n/a	n/a

Timeline

Sep 17, 2008 CVE Published
Feb 4, 2022 EPSS Score
Mar 28, 2022 EPSS Score
May 19, 2022 EPSS Score
Jul 10, 2022 EPSS Score
Sep 1, 2022 EPSS Score
Oct 23, 2022 EPSS Score
Dec 14, 2022 EPSS Score
Feb 4, 2023 EPSS Score
Mar 28, 2023 EPSS Score
May 19, 2023 EPSS Score
Jul 10, 2023 EPSS Score

References

MDVSA-2009:094 vendor-advisory
USN-671-1 vendor-advisory
32769 third-party-advisory
[oss-security] 20080909 Re: CVE request: MySQL incomplete fix for CVE-2008-2079 mailing-list
mysql-myisam-symlinks-security-bypass(45648) vdb
[oss-security] 20080916 Re: CVE request: MySQL incomplete fix for CVE-2008-2079 mailing-list
32759 third-party-advisory
SUSE-SR:2008:025 vendor-advisory
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=480292#25 url
https://nvd.nist.gov/vuln/detail/CVE-2008-4097 advisory

Open in Interactive Console →