[debian-mysql] Bug#480292: CVE-2008-2079: mysql allows local users to bypass certain privilege checks
Steffen Joeris
steffen.joeris at skolelinux.de
Fri May 9 11:02:35 UTC 2008
Package: mysql-server-5.0
Severity: grave
Tags: security
Justification: user security hole
Hi
The following CVE(0) has been issued against mysql.
CVE-2008-2079:
MySQL 4.1.x before 4.1.24, 5.0.x before 5.0.60, 5.1.x before 5.1.24, and
6.0.x before 6.0.5 allows local users to bypass certain privilege checks
by calling CREATE TABLE on a MyISAM table with modified (1) DATA
DIRECTORY or (2) INDEX DIRECTORY arguments that are within the MySQL
home data directory, which can point to tables that are created in the
future.
Please mention the CVE id in your changelog, if you fix the issue by an
upload.
The mysql bugreport can be found here(1).
Cheers
Steffen
(0): http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2079
(1): http://bugs.mysql.com/bug.php?id=32167
More information about the pkg-mysql-maint
mailing list