what you don't know can hurt you
Showing 1 - 7 of 7 RSS Feed

CVE-2008-4098

Status Candidate

Overview

MySQL before 5.0.67 allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified (1) DATA DIRECTORY or (2) INDEX DIRECTORY arguments that are originally associated with pathnames without symlinks, and that can point to tables created at a future time at which a pathname is modified to contain a symlink to a subdirectory of the MySQL home data directory. NOTE: this vulnerability exists because of an incomplete fix for CVE-2008-4097.

Related Files

Ubuntu Security Notice USN-1397-1
Posted Mar 12, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1397-1 - Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues. MySQL has been updated to 5.1.61 in Ubuntu 10.04 LTS, Ubuntu 10.10, Ubuntu 11.04 and Ubuntu 11.10. Ubuntu 8.04 LTS has been updated to MySQL 5.0.95. In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes. Various other issues were also addressed.

tags | advisory
systems | linux, ubuntu
advisories | CVE-2007-5925, CVE-2008-3963, CVE-2008-4098, CVE-2008-4456, CVE-2008-7247, CVE-2009-2446, CVE-2009-4019, CVE-2009-4030, CVE-2009-4484, CVE-2010-1621, CVE-2010-1626, CVE-2010-1848, CVE-2010-1849, CVE-2010-1850, CVE-2010-2008, CVE-2010-3677, CVE-2010-3678, CVE-2010-3679, CVE-2010-3680, CVE-2010-3681, CVE-2010-3682, CVE-2010-3683, CVE-2010-3833, CVE-2010-3834, CVE-2010-3835, CVE-2010-3836, CVE-2010-3837, CVE-2010-3838
MD5 | 2323a310938db1802d720d29a6583eed
Gentoo Linux Security Advisory 201201-02
Posted Jan 6, 2012
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201201-2 - Multiple vulnerabilities were found in MySQL, some of which may allow execution of arbitrary code. Versions less than 5.1.56 are affected.

tags | advisory, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2008-3963, CVE-2008-4097, CVE-2008-4098, CVE-2008-4456, CVE-2008-7247, CVE-2009-2446, CVE-2009-4019, CVE-2009-4028, CVE-2009-4484, CVE-2010-1621, CVE-2010-1626, CVE-2010-1848, CVE-2010-1849, CVE-2010-1850, CVE-2010-2008, CVE-2010-3676, CVE-2010-3677, CVE-2010-3678, CVE-2010-3679, CVE-2010-3680, CVE-2010-3681, CVE-2010-3682, CVE-2010-3683, CVE-2010-3833, CVE-2010-3834, CVE-2010-3835, CVE-2010-3836, CVE-2010-3837
MD5 | 40c5717088a3a44831480822f90ac949
Ubuntu Security Notice 897-1
Posted Feb 10, 2010
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 897-1 - It was discovered that MySQL could be made to overwrite existing table files in the data directory. It was discovered that MySQL contained a cross-site scripting vulnerability in the command-line client when the --html option is enabled. It was discovered that MySQL could be made to overwrite existing table files in the data directory. It was discovered that MySQL contained multiple format string flaws when logging database creation and deletion. It was discovered that MySQL incorrectly handled errors when performing certain SELECT statements, and did not preserve correct flags when performing statements that use the GeomFromWKB function. It was discovered that MySQL incorrectly checked symlinks when using the DATA DIRECTORY and INDEX DIRECTORY options. It was discovered that MySQL contained a buffer overflow when parsing ssl certificates.

tags | advisory, overflow, xss
systems | linux, ubuntu
advisories | CVE-2008-4098, CVE-2008-4456, CVE-2008-7247, CVE-2009-2446, CVE-2009-4019, CVE-2009-4030, CVE-2009-4484
MD5 | ce3e7c0fa7382112da9bbe5625d10e61
Mandriva Linux Security Advisory 2009-326
Posted Dec 7, 2009
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2009-326 - Multiple vulnerabilities has been found and corrected in mysql. Packages for 2008.0 are being provided due to extended support for Corporate products. This update provides fixes for this vulnerability.

tags | advisory, vulnerability
systems | linux, mandriva
advisories | CVE-2008-3963, CVE-2008-4098, CVE-2008-4456, CVE-2009-2446
MD5 | 26aee919fda962da30ae10ad393b57b8
Mandriva Linux Security Advisory 2009-094
Posted Apr 22, 2009
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2009-094 - Multiple vulnerabilities ranging from cross site scripting to denial of service have been fixed in MySQL.

tags | advisory, denial of service, vulnerability, xss
systems | linux, mandriva
advisories | CVE-2008-3963, CVE-2008-4097, CVE-2008-4098, CVE-2008-4456
MD5 | 14d3e63de420516e3c6942c9a23576fc
Ubuntu Security Notice 671-1
Posted Nov 18, 2008
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice USN-671-1 - It was discovered that MySQL could be made to overwrite existing table files in the data directory. An authenticated user could use the DATA DIRECTORY and INDEX DIRECTORY options to possibly bypass privilege checks. This update alters table creation behavior by disallowing the use of the MySQL data directory in DATA DIRECTORY and INDEX DIRECTORY options. It was discovered that MySQL did not handle empty bit-string literals properly. An attacker could exploit this problem and cause the MySQL server to crash, leading to a denial of service.

tags | advisory, denial of service
systems | linux, ubuntu
advisories | CVE-2008-2079, CVE-2008-3963, CVE-2008-4097, CVE-2008-4098
MD5 | 39c3cf301a96c689c184b762d83dedd8
Debian Linux Security Advisory 1662-1
Posted Nov 7, 2008
Authored by Debian | Site debian.org

Debian Security Advisory 1662-1 - A symlink traversal vulnerability was discovered in MySQL, a relational database server. The weakness could permit an attacker having both CREATE TABLE access to a database and the ability to execute shell commands on the database server to bypass MySQL access controls, enabling them to write to tables in databases to which they would not ordinarily have access.

tags | advisory, shell
systems | linux, debian
advisories | CVE-2008-4098
MD5 | f6cd75a8cbf5b0950bf5d0562a95798b
Page 1 of 1
Back1Next

File Archive:

June 2020

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jun 1st
    10 Files
  • 2
    Jun 2nd
    9 Files
  • 3
    Jun 3rd
    0 Files
  • 4
    Jun 4th
    0 Files
  • 5
    Jun 5th
    0 Files
  • 6
    Jun 6th
    0 Files
  • 7
    Jun 7th
    0 Files
  • 8
    Jun 8th
    0 Files
  • 9
    Jun 9th
    0 Files
  • 10
    Jun 10th
    0 Files
  • 11
    Jun 11th
    0 Files
  • 12
    Jun 12th
    0 Files
  • 13
    Jun 13th
    0 Files
  • 14
    Jun 14th
    0 Files
  • 15
    Jun 15th
    0 Files
  • 16
    Jun 16th
    0 Files
  • 17
    Jun 17th
    0 Files
  • 18
    Jun 18th
    0 Files
  • 19
    Jun 19th
    0 Files
  • 20
    Jun 20th
    0 Files
  • 21
    Jun 21st
    0 Files
  • 22
    Jun 22nd
    0 Files
  • 23
    Jun 23rd
    0 Files
  • 24
    Jun 24th
    0 Files
  • 25
    Jun 25th
    0 Files
  • 26
    Jun 26th
    0 Files
  • 27
    Jun 27th
    0 Files
  • 28
    Jun 28th
    0 Files
  • 29
    Jun 29th
    0 Files
  • 30
    Jun 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close