Description

MySQL 5.1.x before 5.1.41 allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified (1) DATA DIRECTORY or (2) INDEX DIRECTORY arguments that are originally associated with pathnames without symlinks, and that can point to tables created at a future time at which a pathname is modified to contain a symlink to a subdirectory of the MySQL data home directory, related to incorrect calculation of the mysql_unpacked_real_data_home value. NOTE: this vulnerability exists because of an incomplete fix for CVE-2008-4098 and CVE-2008-2079.

Remediation

References

CVE-2009-4030

Related Vulnerabilities

WordPress Plugin POST SMTP Mailer-Email log, Delivery Failure Notifications and Best Mail SMTP for WordPress Multiple Cross-Site Request Forgery Vulnerabilities (2.5.6)

Dolibarr Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2011-4802)

Python Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2011-1015)

WordPress Plugin WP Private Content Plus Security Bypass (1.31)

Oracle JRE CVE-2014-2420 Vulnerability (CVE-2014-2420)

Severity

Medium

Classification

CVE-2009-4030 CWE-59

Tags

Missing Update Known Vulnerabilities