DescriptionMySQL before 5.0.67 allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified (1) DATA DIRECTORY or (2) INDEX DIRECTORY arguments that are originally associated with pathnames without symlinks, and that can point to tables created at a future time at which a pathname is modified to contain a symlink to a subdirectory of the MySQL home data directory. NOTE: this vulnerability exists because of an incomplete fix for CVE-2008-4097.
Overall state of this security issue: Ignore
This issue is currently rated as having low severity.
|National Vulnerability Database|
- SUSE-SR:2008:025, published Fri, 14 Nov 2008 15:00:00 +0000
- SUSE-SR:2009:001, published Mon, 12 Jan 2009 13:00:00 +0000