CVE-2008-4097
https://notcve.org/view.php?id=CVE-2008-4097
MySQL 5.0.51a allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified (1) DATA DIRECTORY or (2) INDEX DIRECTORY arguments that are associated with symlinks within pathnames for subdirectories of the MySQL home data directory, which are followed when tables are created in the future. NOTE: this vulnerability exists because of an incomplete fix for CVE-2008-2079. MySQL 5.0.51a permite a los usuarios locales evitar la comprobación de ciertos privilegios por la llamada a CREATE TABLE en una tabla MyISAM con argumentos modificados (1) DATA DIRECTORY o (2) INDEX DIRECTORY que son asociados con symlinks dentro de nombres de ruta (pathnames), para subdirectorios del directorio de datos principal de MySQL , el cual es seguido cuando las tablas son creadas en el futuro. NOTA: Esta vulnerabilidad por una incompleta solución para CVE-2008-2079. • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=480292#25 http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00001.html http://secunia.com/advisories/32759 http://secunia.com/advisories/32769 http://www.mandriva.com/security/advisories?name=MDVSA-2009:094 http://www.openwall.com/lists/oss-security/2008/09/09/20 http://www.openwall.com/lists/oss-security/2008/09/16/3 http://www.ubuntu.com/usn/USN-671-1 https://exchange.xforce.ibmcloud.com/vulnerabilities/ • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2008-4098 – mysql: incomplete upstream fix for CVE-2008-2079
https://notcve.org/view.php?id=CVE-2008-4098
MySQL before 5.0.67 allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified (1) DATA DIRECTORY or (2) INDEX DIRECTORY arguments that are originally associated with pathnames without symlinks, and that can point to tables created at a future time at which a pathname is modified to contain a symlink to a subdirectory of the MySQL home data directory. NOTE: this vulnerability exists because of an incomplete fix for CVE-2008-4097. MySQL anterior a 5.0.67, permite a usuarios locales evitar determinadas comprobaciones de privilegios haciendo una llamada CREATE TABLE en una tabla MyISAM que modifica los argumentos (1) DATA DIRECTORY o (2) INDEX DIRECTORY que están asociados originalmente con los nombres de ruta (pathname) sin enlaces simbólicos, y que pueden apuntar a tablas creadas después de que un nombre de ruta sea modificado para tener un enlace simbólico a un subdirectorio del directorio de datos inicial de MySQL. NOTA: esta vulnerabilidad es debida a que no se solucionó completamente la vulnerabilidad CVE-2008-4097. • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=480292#25 http://bugs.mysql.com/bug.php?id=32167 http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00001.html http://secunia.com/advisories/32578 http://secunia.com/advisories/32759 http://secunia.com/advisories/32769 http://secunia.com/advisories/38517 http://ubuntu.com/usn/usn-897-1 http://www.debian.org/security/2008/dsa-1662 http://www.mandriva.com/security/advisories?name=MDVSA-2009:094 http:// • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVE-2008-3963 – MySQL 6.0.4 - Empty Binary String Literal Remote Denial of Service
https://notcve.org/view.php?id=CVE-2008-3963
MySQL 5.0 before 5.0.66, 5.1 before 5.1.26, and 6.0 before 6.0.6 does not properly handle a b'' (b single-quote single-quote) token, aka an empty bit-string literal, which allows remote attackers to cause a denial of service (daemon crash) by using this token in a SQL statement. MySQL versiones 5.0 anteriores a 5.0.66, versiones 5.1 anteriores a 5.1.26 y versiones 6.0 anteriores a 6.0.6, no maneja apropiadamente un token b'' (b comilla simple comilla simple), también se conoce como literal de cadena de bits vacía, que permite a los atacantes remotos causar una denegación de servicio (bloqueo del demonio) mediante el uso de este token en una sentencia SQL. • https://www.exploit-db.com/exploits/32348 http://bugs.mysql.com/bug.php?id=35658 http://dev.mysql.com/doc/refman/5.0/en/releasenotes-es-5-0-66.html http://dev.mysql.com/doc/refman/5.1/en/news-5-1-26.html http://dev.mysql.com/doc/refman/6.0/en/news-6-0-6.html http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00001.html http://secunia.com/advisories/31769 http://secunia.com/advisories/32759 http://secunia.com/advisories/32769 http& • CWE-134: Use of Externally-Controlled Format String •
CVE-2008-2079 – mysql: privilege escalation via DATA/INDEX DIRECTORY directives
https://notcve.org/view.php?id=CVE-2008-2079
MySQL 4.1.x before 4.1.24, 5.0.x before 5.0.60, 5.1.x before 5.1.24, and 6.0.x before 6.0.5 allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified (1) DATA DIRECTORY or (2) INDEX DIRECTORY arguments that are within the MySQL home data directory, which can point to tables that are created in the future. MySQL 4.1.x anterior a 4.1.24, 5.0.x antes de 5.0.60, 5.1.x anterior a 5.1.24 y 6.0.x antes de 6.0.5 permite a usuarios locales evitar ciertas comprobaciones de privilegios llamando a CREATE TABLE en una tabla MyISAM con argumentos (1) DATA DIRECTORY or (2) INDEX DIRECTORY modificados que están dentro del directorio MySQL home data, que puede apuntar a tablas que se crearán en el futuro. • http://bugs.mysql.com/bug.php?id=32167 http://dev.mysql.com/doc/refman/4.1/en/news-4-1-24.html http://dev.mysql.com/doc/refman/5.0/en/releasenotes-es-5-0-60.html http://dev.mysql.com/doc/refman/5.1/en/news-5-1-24.html http://dev.mysql.com/doc/refman/6.0/en/news-6-0-5.html http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html http://lists.apple.com/archives/security-announce/2009/Sep/msg00004.html http://lists.o • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2008-0226 – MySQL 6.0 yaSSL 1.7.5 - Hello Message Buffer Overflow
https://notcve.org/view.php?id=CVE-2008-0226
Multiple buffer overflows in yaSSL 1.7.5 and earlier, as used in MySQL and possibly other products, allow remote attackers to execute arbitrary code via (1) the ProcessOldClientHello function in handshake.cpp or (2) "input_buffer& operator>>" in yassl_imp.cpp. Múltiples desbordamientos de búfer en yaSSL 1.7.5 y anteriores, como el utilizado en MySQL y posiblemente otros productos, permite a atacantes remotos ejecutar código de su elección mediante (1) la función ProcessOldClientHello en handshake.cpp o (2) "input_buffer& operator>>" en yassl_imp.cpp. • https://www.exploit-db.com/exploits/9953 https://www.exploit-db.com/exploits/16849 https://www.exploit-db.com/exploits/16701 http://bugs.mysql.com/33814 http://dev.mysql.com/doc/refman/5.1/en/news-5-1-23.html http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html http://secunia.com/advisories/28324 http://secunia.com/advisories/28419 http://secunia.com/advisories/28597 http://secunia.com/advisories/29443 http://secunia.com/advisories/32222 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •