
CVE-2008-2079

Status Candidate

Overview

MySQL 4.1.x before 4.1.24, 5.0.x before 5.0.60, 5.1.x before 5.1.24, and 6.0.x before 6.0.5 allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified (1) DATA DIRECTORY or (2) INDEX DIRECTORY arguments that are within the MySQL home data directory, which can point to tables that are created in the future.

Related Files

Ubuntu Security Notice 671-1
Posted Nov 18, 2008
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice USN-671-1 - It was discovered that MySQL could be made to overwrite existing table files in the data directory. An authenticated user could use the DATA DIRECTORY and INDEX DIRECTORY options to possibly bypass privilege checks. This update alters table creation behavior by disallowing the use of the MySQL data directory in DATA DIRECTORY and INDEX DIRECTORY options. It was discovered that MySQL did not handle empty bit-string literals properly. An attacker could exploit this problem and cause the MySQL server to crash, leading to a denial of service.

tags | advisory, denial of service
systems | linux, ubuntu
advisories | CVE-2008-2079, CVE-2008-3963, CVE-2008-4097, CVE-2008-4098
SHA-256 | 00a13f8fad3bfb4215919fbf05ac85cb6b70b3801a97cc6ae3c91370e004410e

Gentoo Linux Security Advisory 200809-4
Posted Sep 4, 2008
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200809-04 - Sergei Golubchik reported that MySQL imposes no restrictions on the specification of DATA DIRECTORY or INDEX DIRECTORY in SQL CREATE TABLE statements. Versions less than 5.0.60-r1 are affected.

tags | advisory
systems | linux, gentoo
advisories | CVE-2008-2079
SHA-256 | 2dbc9c5c45f08d45bb6b0f11c315c3d80f8c1168e50b1c9ed4ff10ae02e743e0

Mandriva Linux Security Advisory 2008-150
Posted Jul 21, 2008
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - Multiple buffer overflows in yaSSL, which is used in MySQL, allowed remote attackers to execute arbitrary code or cause a denial of service via a special Hello packet. Sergei Golubchik found that MySQL did not properly validate optional data or index directory paths given in a CREATE TABLE statement; it also would not, under certain conditions, prevent two databases from using the same paths for data or index files. This could allow an authenticated user with appropriate privilege to create tables in one database to read and manipulate data in tables later created in other databases, regardless of GRANT privileges. The updated packages have been patched to correct these issues.

tags | advisory, remote, denial of service, overflow, arbitrary
systems | linux, mandriva
advisories | CVE-2008-0226, CVE-2008-0227, CVE-2008-2079
SHA-256 | 344a69b94fd6da8ff62ed01ddc6d2cced715bfbbc1409d0cbfe492c82bdb483b

Mandriva Linux Security Advisory 2008-149
Posted Jul 21, 2008
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - Sergei Golubchik found that MySQL did not properly validate optional data or index directory paths given in a CREATE TABLE statement; as well it would not, under certain conditions, prevent two databases from using the same paths for data or index files. This could allow an authenticated user with appropriate privilege to create tables in one database to read and manipulate data in tables later created in other databases, regardless of GRANT privileges. The updated packages have been patched to correct this issue.

tags | advisory
systems | linux, mandriva
advisories | CVE-2008-2079
SHA-256 | ca27a8cb8ea8d559e76c8c46ef7b85030f11070547a35ff973aa9a69f4714e48

Debian Linux Security Advisory 1608-1
Posted Jul 15, 2008
Authored by Debian | Site debian.org

Debian Security Advisory 1608-1 - Sergei Golubchik discovered that MySQL, a widely-deployed database server, did not properly validate optional data or index directory paths given in a CREATE TABLE statement, nor would it (under proper conditions) prevent two databases from using the same paths for data or index files. This permits an authenticated user with authorization to create tables in one database to read, write or delete data from tables subsequently created in other databases, regardless of other GRANT authorizations.

tags | advisory
systems | linux, debian
advisories | CVE-2008-2079
SHA-256 | f36bea7ac060105616e86d6befc0a778abc8db40a7c072eabdd764d2b4e156ae