CVE-2008-4097

Publication date 18 September 2008

Last updated 24 July 2024

Ubuntu priority

MySQL 5.0.51a allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified (1) DATA DIRECTORY or (2) INDEX DIRECTORY arguments that are associated with symlinks within pathnames for subdirectories of the MySQL home data directory, which are followed when tables are created in the future. NOTE: this vulnerability exists because of an incomplete fix for CVE-2008-2079.

Status

Show unmaintained releases

Package	Ubuntu Release	Status
mysql-dfsg-5.0	8.10 intrepid	Not affected
	8.04 LTS hardy	Fixed 5.0.51a-3ubuntu5.4
	7.10 gutsy	Fixed 5.0.45-1ubuntu3.4
	7.04 feisty	Ignored
	6.06 LTS dapper	Fixed 5.0.22-0ubuntu6.06.11

How can I get the fixes?
What do statuses mean?

References

MITRE
NVD
Launchpad
Debian

Related Ubuntu Security Notices (USN)

USN-671-1
MySQL vulnerabilities
17 November 2008

Other references

https://www.cve.org/CVERecord?id=CVE-2008-4097