Summary
According to its version number, the remote version of MySQL is prone to a security-bypass vulnerability.
An attacker can exploit this issue to gain access to table files created by other users, bypassing certain security restrictions.
NOTE 1: This issue was also assigned CVE-2008-4097 because CVE-2008-2079 was incompletely fixed, allowing symlink attacks.
NOTE 2: CVE-2008-4098 was assigned because fixes for the vector described in CVE-2008-4097 can also be bypassed.
This issue affects versions prior to MySQL 4 (prior to 4.1.24) and MySQL 5 (prior to 5.0.60).
Solution
Updates are available. Update to newer Version.
References
Updated on 2015-03-25
Severity
Classification
-
CVE CVE-2008-2079, CVE-2008-4097, CVE-2008-4098 -
CVSS Base Score: 4.6
AV:N/AC:H/Au:S/C:P/I:P/A:P
Related Vulnerabilities
- Oracle MySQL Multiple Unspecified vulnerabilities-02 July14 (Windows)
- MySQL UNINSTALL PLUGIN Security Bypass Vulnerability
- IBM DB2 REPEAT Buffer Overflow and TLS Renegotiation Vulnerabilities (Win)
- IBM DB2 Multiple Denial of Service Vulnerabilities
- Oracle MySQL Multiple Unspecified vulnerabilities - 01 Jan14 (Windows)