Description

MySQL 5.1.x before 5.1.41 allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified (1) DATA DIRECTORY or (2) INDEX DIRECTORY arguments that are originally associated with pathnames without symlinks, and that can point to tables created at a future time at which a pathname is modified to contain a symlink to a subdirectory of the MySQL data home directory, related to incorrect calculation of the mysql_unpacked_real_data_home value. NOTE: this vulnerability exists because of an incomplete fix for CVE-2008-4098 and CVE-2008-2079.

Remediation

References

CVE-2009-4030

Related Vulnerabilities

MySQL CVE-2017-3639 Vulnerability (CVE-2017-3639)

MediaWiki CVE-2023-29139 Vulnerability (CVE-2023-29139)

WordPress Plugin Simple Behance Portfolio Cross-Site Scripting (0.2)

SharePoint CVE-2021-31948 Vulnerability (CVE-2021-31948)

WordPress Plugin Gravity Forms Infusionsoft Cross-Site Scripting (1.1.4)

Severity

Medium

Classification

CVE-2009-4030 CWE-59

Tags

Missing Update Known Vulnerabilities