[debian-mysql] Bug#480292: CVE-2008-2079: mysql allows local users to bypass certain privilege checks

Steffen Joeris steffen.joeris at skolelinux.de
Fri May 9 11:02:35 UTC 2008


Package: mysql-server-5.0
Severity: grave
Tags: security
Justification: user security hole

Hi

The following CVE(0) has been issued against mysql.

CVE-2008-2079:

MySQL 4.1.x before 4.1.24, 5.0.x before 5.0.60, 5.1.x before 5.1.24, and
6.0.x before 6.0.5 allows local users to bypass certain privilege checks
by calling CREATE TABLE on a MyISAM table with modified (1) DATA
DIRECTORY or (2) INDEX DIRECTORY arguments that are within the MySQL
home data directory, which can point to tables that are created in the
future.

Please mention the CVE id in your changelog, if you fix the issue by an
upload.

The mysql bug report can be found here(1).


Cheers
Steffen

(0): http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2079

(1): http://bugs.mysql.com/bug.php?id=32167
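
One way to audit for the condition the CVE text describes, added here as an example and not part of the original report or of MySQL/Debian code: scan CREATE TABLE statements (for instance from a schema dump or query log) for DATA DIRECTORY or INDEX DIRECTORY options that resolve inside the server's data directory. The datadir value /var/lib/mysql and the sample statements are assumptions constructed for illustration.

```python
import posixpath
import re

# Assumption: Debian's usual MySQL data directory; set this to the server's datadir.
DATADIR = "/var/lib/mysql"

# Matches: DATA DIRECTORY [=] 'path'  or  INDEX DIRECTORY [=] "path"
_DIR_OPT = re.compile(
    r"\b(DATA|INDEX)\s+DIRECTORY\s*=?\s*(['\"])(.*?)\2",
    re.IGNORECASE | re.DOTALL,
)
_CREATE = re.compile(r"^\s*CREATE\s+(?:TEMPORARY\s+)?TABLE\b", re.IGNORECASE)


def inside(path, base):
    """True if path is base or below it after lexical normalization
    ('.', '..' and '//' collapsed; symlinks are NOT resolved)."""
    p = posixpath.normpath(path)
    b = posixpath.normpath(base)
    # Compare with a trailing '/' so /var/lib/mysql-backup is not a false hit.
    return p == b or p.startswith(b.rstrip("/") + "/")


def flag_statements(statements, datadir=DATADIR):
    """Return (statement_index, option, normalized_path) for each CREATE TABLE
    whose DATA/INDEX DIRECTORY points inside datadir."""
    hits = []
    for i, stmt in enumerate(statements):
        if not _CREATE.match(stmt):
            continue  # ignore the option text appearing in other statements
        for kind, _quote, path in _DIR_OPT.findall(stmt):
            if inside(path, datadir):
                hits.append((i, kind.upper() + " DIRECTORY", posixpath.normpath(path)))
    return hits


# Constructed sample statements (not taken from the bug report).
SAMPLE = [
    "CREATE TABLE t1 (a INT) ENGINE=MyISAM DATA DIRECTORY='/srv/bulk/t1'",
    "CREATE TABLE t2 (a INT) ENGINE=MyISAM data directory = '/var/lib/mysql/otherdb'",
    "CREATE TABLE t3 (a INT) ENGINE=MyISAM INDEX DIRECTORY=\"/srv/../var/lib//mysql/otherdb/\"",
    "SELECT 'DATA DIRECTORY=''/var/lib/mysql/x''' AS note",
    "CREATE TABLE t4 (a INT) ENGINE=MyISAM DATA DIRECTORY='/var/lib/mysql-backup/t4'",
]

if __name__ == "__main__":
    for idx, opt, path in flag_statements(SAMPLE):
        print(f"statement {idx}: {opt} -> {path}")
```

The check is purely lexical; on a live host, also compare os.path.realpath() of each directory against the datadir, since a symlinked path can land inside it without looking like it.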




