Vulnerability   
Search   
    Search 219043 CVE descriptions
and 99761 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.100156
Category:Databases
Title:MySQL MyISAM Table Privileges Security Bypass Vulnerability
Summary:According to its version number, the remote version of MySQL is; prone to a security-bypass vulnerability.
Description:Summary:
According to its version number, the remote version of MySQL is
prone to a security-bypass vulnerability.

Vulnerability Insight:
NOTE 1: This issue was also assigned CVE-2008-4097 because
CVE-2008-2079 was incompletely fixed, allowing symlink attacks.

NOTE 2: CVE-2008-4098 was assigned because fixes for the vector
described in CVE-2008-4097 can also be bypassed.

Vulnerability Impact:
An attacker can exploit this issue to gain access to table files created by
other users, bypassing certain security restrictions.

Affected Software/OS:
This issue affects versions prior to MySQL 4 (prior to 4.1.24) and
MySQL 5 (prior to 5.0.60).

Solution:
Updates are available, please see the references for more information.

CVSS Score:
4.6

CVSS Vector:
AV:N/AC:H/Au:S/C:P/I:P/A:P

Cross-Ref: BugTraq ID: 29106
Common Vulnerability Exposure (CVE) ID: CVE-2008-2079
http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html
http://lists.apple.com/archives/security-announce/2009/Sep/msg00004.html
http://www.securityfocus.com/bid/29106
BugTraq ID: 31681
http://www.securityfocus.com/bid/31681
Debian Security Information: DSA-1608 (Google Search)
http://www.debian.org/security/2008/dsa-1608
http://www.mandriva.com/security/advisories?name=MDVSA-2008:149
http://www.mandriva.com/security/advisories?name=MDVSA-2008:150
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10133
http://www.redhat.com/support/errata/RHSA-2008-0505.html
http://www.redhat.com/support/errata/RHSA-2008-0510.html
http://www.redhat.com/support/errata/RHSA-2008-0768.html
http://www.redhat.com/support/errata/RHSA-2009-1289.html
http://www.securitytracker.com/id?1019995
http://secunia.com/advisories/30134
http://secunia.com/advisories/31066
http://secunia.com/advisories/31226
http://secunia.com/advisories/31687
http://secunia.com/advisories/32222
http://secunia.com/advisories/32769
http://secunia.com/advisories/36566
http://secunia.com/advisories/36701
SuSE Security Announcement: SUSE-SR:2008:017 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html
http://www.ubuntu.com/usn/USN-671-1
http://www.vupen.com/english/advisories/2008/1472/references
http://www.vupen.com/english/advisories/2008/2780
XForce ISS Database: mysql-myisam-security-bypass(42267)
https://exchange.xforce.ibmcloud.com/vulnerabilities/42267
Common Vulnerability Exposure (CVE) ID: CVE-2008-4097
http://www.mandriva.com/security/advisories?name=MDVSA-2009:094
http://www.openwall.com/lists/oss-security/2008/09/09/20
http://www.openwall.com/lists/oss-security/2008/09/16/3
http://secunia.com/advisories/32759
SuSE Security Announcement: SUSE-SR:2008:025 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00001.html
XForce ISS Database: mysql-myisam-symlinks-security-bypass(45648)
https://exchange.xforce.ibmcloud.com/vulnerabilities/45648
Common Vulnerability Exposure (CVE) ID: CVE-2008-4098
Debian Security Information: DSA-1662 (Google Search)
http://www.debian.org/security/2008/dsa-1662
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=480292#25
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10591
http://www.redhat.com/support/errata/RHSA-2009-1067.html
http://www.redhat.com/support/errata/RHSA-2010-0110.html
http://secunia.com/advisories/32578
http://secunia.com/advisories/38517
http://www.ubuntu.com/usn/USN-1397-1
http://ubuntu.com/usn/usn-897-1
XForce ISS Database: mysql-myisam-symlink-security-bypass(45649)
https://exchange.xforce.ibmcloud.com/vulnerabilities/45649
CopyrightCopyright (C) 2009 Greenbone Networks GmbH

This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.




© 1998-2024 E-Soft Inc. All rights reserved.