// For flags

CVE-2008-4097

 

Severity Score

4.6
*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

MySQL 5.0.51a allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified (1) DATA DIRECTORY or (2) INDEX DIRECTORY arguments that are associated with symlinks within pathnames for subdirectories of the MySQL home data directory, which are followed when tables are created in the future. NOTE: this vulnerability exists because of an incomplete fix for CVE-2008-2079.

MySQL 5.0.51a permite a los usuarios locales evitar la comprobaciĆ³n de ciertos privilegios por la llamada a CREATE TABLE en una tabla MyISAM con argumentos modificados (1) DATA DIRECTORY o (2) INDEX DIRECTORY que son asociados con symlinks dentro de nombres de ruta (pathnames), para subdirectorios del directorio de datos principal de MySQL , el cual es seguido cuando las tablas son creadas en el futuro. NOTA: Esta vulnerabilidad por una incompleta soluciĆ³n para CVE-2008-2079.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
High
Authentication
Single
Confidentiality
Partial
Integrity
Partial
Availability
Partial
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2008-09-15 CVE Reserved
  • 2008-09-17 CVE Published
  • 2024-08-07 CVE Updated
  • 2024-08-18 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-264: Permissions, Privileges, and Access Controls
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Oracle
Search vendor "Oracle"
 Mysql
Search vendor "Oracle" for product "Mysql"
 5.0.51a
Search vendor "Oracle" for product "Mysql" and version "5.0.51a"
-
Affected