Description

MySQL before 5.0.67 allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified (1) DATA DIRECTORY or (2) INDEX DIRECTORY arguments that are originally associated with pathnames without symlinks, and that can point to tables created at a future time at which a pathname is modified to contain a symlink to a subdirectory of the MySQL home data directory. NOTE: this vulnerability exists because of an incomplete fix for CVE-2008-4097.

Remediation

References

CVE-2008-4098

Related Vulnerabilities

PostgreSQL Improper Access Control Vulnerability (CVE-2016-7048)

WordPress Plugin WP TripAdvisor Review Slider SQL Injection (10.7)

Dotclear Improper Access Control Vulnerability (CVE-2015-8832)

WordPress Plugin Welcart e-Commerce PHP Object Injection (1.9.3)

Liferay DXP Insecure Default Initialization of Resource Vulnerability (CVE-2023-33949)

Severity

Medium

Classification

CVE-2008-4098 CWE-59

Tags

Missing Update Known Vulnerabilities