CVE-2008-4098 — Link Following in Mysql
Severity
4.6MEDIUMNVD
NVD4.4NVD3.6
EPSS
0.3%
top 42.71%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedSep 18
Latest updateMay 13
Description
MySQL before 5.0.67 allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified (1) DATA DIRECTORY or (2) INDEX DIRECTORY arguments that are originally associated with pathnames without symlinks, and that can point to tables created at a future time at which a pathname is modified to contain a symlink to a subdirectory of the MySQL home data directory. NOTE: this vulnerability exists because of an incomplete fix for CVE-2008-4097.
CVSS vector
AV:N/AC:H/C:P/I:P/A:PExploitability: 3.9 | Impact: 6.4
Affected Packages2 packages
Also affects: Debian Linux 5.0, Ubuntu Linux 6.06, 7.10, 8.04, 8.10, 9.04, 9.10
Patches
🔴Vulnerability Details
3💥Exploits & PoCs
1📋Vendor Advisories
6💬Community
4Bugzilla▶
CVE-2010-1626 mysql: table destruction via DATA/INDEX DIRECTORY directives using symlinks↗2010-01-08