VDB
CVE-2009-4030
CVE-2009-4030
PUBLISHED
Reported by redhat · Published November 30, 2009
MySQL 5.1.x before 5.1.41 allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified (1) DATA DIRECTORY or (2) INDEX DIRECTORY arguments that are originally associated with pathnames without symlinks, and that can point to tables created at a future time at which a pathname is modified to contain a symlink to a subdirectory of the MySQL data home directory, related to incorrect calculation of the mysql_unpacked_real_data_home value. NOTE: this vulnerability exists because of an incomplete fix for CVE-2008-4098 and CVE-2008-2079.
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | n/a |
| n/a | n/a | *, n/a |
Timeline
- Nov 30, 2009 CVE Published
- Feb 4, 2022 EPSS Score
- Mar 29, 2022 EPSS Score
- May 20, 2022 EPSS Score
- Jul 12, 2022 EPSS Score
- Sep 4, 2022 EPSS Score
- Oct 26, 2022 EPSS Score
- Dec 18, 2022 EPSS Score
- Feb 9, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- Apr 3, 2023 EPSS Score
- May 25, 2023 EPSS Score
References
- 38573 third-party-advisoryx_refsource_SECUNIA
- USN-1397-1 vendor-advisoryx_refsource_UBUNTU
- 38517 third-party-advisoryx_refsource_SECUNIA
- RHSA-2010:0109 vendor-advisoryx_refsource_REDHAT
- ADV-2010-1107 vdb-entryx_refsource_VUPEN
- [oss-security] 20091124 Re: mysql-5.1.41 mailing-listx_refsource_MLIST
- USN-897-1 vendor-advisoryx_refsource_UBUNTU
- SUSE-SR:2010:011 vendor-advisoryx_refsource_SUSE
- APPLE-SA-2010-03-29-1 vendor-advisoryx_refsource_APPLE
- [oss-security] 20091119 mysql-5.1.41 mailing-listx_refsource_MLIST
- [oss-security] 20091124 Re: mysql-5.1.41 mailing-listx_refsource_MLIST
- x_refsource_CONFIRM
- x_refsource_CONFIRM
- [oss-security] 20091124 Re: mysql-5.1.41 mailing-listx_refsource_MLIST
- oval:org.mitre.oval:def:11116 vdb-entrysignaturex_refsource_OVAL
- RHSA-2010:0110 vendor-advisoryx_refsource_REDHAT
- SUSE-SR:2010:021 vendor-advisoryx_refsource_SUSE
- x_refsource_CONFIRM
- [commits] 20091110 bzr commit into mysql-5.0-bugteam branch (joro:2845) Bug#32167 mailing-listx_refsource_MLIST
- oval:org.mitre.oval:def:8156 vdb-entrysignaturex_refsource_OVAL
…and 1 more