CVE-2008-2079

MySQL 4.1.x before 4.1.24, 5.0.x before 5.0.60, 5.1.x before 5.1.24, and 6.0.x before 6.0.5 allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified (1) DATA DIRECTORY or (2) INDEX DIRECTORY arguments that are within the MySQL home data directory, which can point to tables that are created in the future.

• CWE-264

• http://bugs.mysql.com/bug.php?id=32167Exploit, Patch, Vendor Advisory
• http://dev.mysql.com/doc/refman/4.1/en/news-4-1-24.htmlVendor Advisory
• http://dev.mysql.com/doc/refman/5.0/en/releasenotes-es-5-0-60.htmlVendor Advisory
• http://dev.mysql.com/doc/refman/5.1/en/news-5-1-24.htmlVendor Advisory
• http://dev.mysql.com/doc/refman/6.0/en/news-6-0-5.htmlVendor Advisory
• http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.htmlMailing List, Third Party Advisory
• http://lists.apple.com/archives/security-announce/2009/Sep/msg00004.htmlMailing List, Third Party Advisory
• http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.htmlThird Party Advisory
• http://secunia.com/advisories/30134Third Party Advisory
• http://secunia.com/advisories/31066Third Party Advisory
• http://secunia.com/advisories/31226Third Party Advisory
• http://secunia.com/advisories/31687Third Party Advisory
• http://secunia.com/advisories/32222Third Party Advisory
• http://secunia.com/advisories/32769Third Party Advisory
• http://secunia.com/advisories/36566Third Party Advisory
• http://secunia.com/advisories/36701Third Party Advisory
• http://support.apple.com/kb/HT3216Third Party Advisory
• http://support.apple.com/kb/HT3865Third Party Advisory
• http://www.debian.org/security/2008/dsa-1608Third Party Advisory
• http://www.mandriva.com/security/advisories?name=MDVSA-2008:149Third Party Advisory
• http://www.mandriva.com/security/advisories?name=MDVSA-2008:150Third Party Advisory
• http://www.redhat.com/support/errata/RHSA-2008-0505.htmlThird Party Advisory
• http://www.redhat.com/support/errata/RHSA-2008-0510.htmlThird Party Advisory
• http://www.redhat.com/support/errata/RHSA-2008-0768.htmlThird Party Advisory
• http://www.redhat.com/support/errata/RHSA-2009-1289.htmlThird Party Advisory
• http://www.securityfocus.com/bid/29106Patch, Third Party Advisory, VDB Entry
• http://www.securityfocus.com/bid/31681Patch, Third Party Advisory, VDB Entry
• http://www.securitytracker.com/id?1019995Third Party Advisory, VDB Entry
• http://www.ubuntu.com/usn/USN-671-1Third Party Advisory
• http://www.vupen.com/english/advisories/2008/1472/referencesThird Party Advisory
• http://www.vupen.com/english/advisories/2008/2780Third Party Advisory
• https://exchange.xforce.ibmcloud.com/vulnerabilities/42267Third Party Advisory, VDB Entry
• https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10133Third Party Advisory
• http://bugs.mysql.com/bug.php?id=32167Exploit, Patch, Vendor Advisory
• http://dev.mysql.com/doc/refman/4.1/en/news-4-1-24.htmlVendor Advisory
• http://dev.mysql.com/doc/refman/5.0/en/releasenotes-es-5-0-60.htmlVendor Advisory
• http://dev.mysql.com/doc/refman/5.1/en/news-5-1-24.htmlVendor Advisory
• http://dev.mysql.com/doc/refman/6.0/en/news-6-0-5.htmlVendor Advisory
• http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.htmlMailing List, Third Party Advisory
• http://lists.apple.com/archives/security-announce/2009/Sep/msg00004.htmlMailing List, Third Party Advisory
• http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.htmlThird Party Advisory
• http://secunia.com/advisories/30134Third Party Advisory
• http://secunia.com/advisories/31066Third Party Advisory
• http://secunia.com/advisories/31226Third Party Advisory
• http://secunia.com/advisories/31687Third Party Advisory
• http://secunia.com/advisories/32222Third Party Advisory
• http://secunia.com/advisories/32769Third Party Advisory
• http://secunia.com/advisories/36566Third Party Advisory
• http://secunia.com/advisories/36701Third Party Advisory
• http://support.apple.com/kb/HT3216Third Party Advisory
• http://support.apple.com/kb/HT3865Third Party Advisory
• http://www.debian.org/security/2008/dsa-1608Third Party Advisory
• http://www.mandriva.com/security/advisories?name=MDVSA-2008:149Third Party Advisory
• http://www.mandriva.com/security/advisories?name=MDVSA-2008:150Third Party Advisory
• http://www.redhat.com/support/errata/RHSA-2008-0505.htmlThird Party Advisory
• http://www.redhat.com/support/errata/RHSA-2008-0510.htmlThird Party Advisory
• http://www.redhat.com/support/errata/RHSA-2008-0768.htmlThird Party Advisory
• http://www.redhat.com/support/errata/RHSA-2009-1289.htmlThird Party Advisory
• http://www.securityfocus.com/bid/29106Patch, Third Party Advisory, VDB Entry
• http://www.securityfocus.com/bid/31681Patch, Third Party Advisory, VDB Entry
• http://www.securitytracker.com/id?1019995Third Party Advisory, VDB Entry
• http://www.ubuntu.com/usn/USN-671-1Third Party Advisory
• http://www.vupen.com/english/advisories/2008/1472/referencesThird Party Advisory
• http://www.vupen.com/english/advisories/2008/2780Third Party Advisory
• https://exchange.xforce.ibmcloud.com/vulnerabilities/42267Third Party Advisory, VDB Entry
• https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10133Third Party Advisory

Published

May 5, 2008

Last Modified

Jun 16, 2026

Status

Modified