What is the severity of CVE-2008-4098?

CVE-2008-4098 has been classified as a moderate severity vulnerability.

How do I fix CVE-2008-4098?

To mitigate CVE-2008-4098, it is recommended to upgrade MySQL to version 5.0.67 or later.

What software is affected by CVE-2008-4098?

CVE-2008-4098 affects MySQL versions before 5.0.67 and specific distributions of Linux including Red Hat and Ubuntu.

Can CVE-2008-4098 be exploited remotely?

No, CVE-2008-4098 can only be exploited by local users on the affected system.

What is the impact of CVE-2008-4098 on MySQL databases?

CVE-2008-4098 allows local users to bypass certain privilege checks, potentially leading to unauthorized access to data.

Vulnerability/
CVE-2008-4098

medium

4.6

CWE

3/7/2008

17/9/2008

7/8/2024

CVE-2008-4098

First published: Thu Jul 03 2008(Updated: )

MySQL before 5.0.67 allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified (1) DATA DIRECTORY or (2) INDEX DIRECTORY arguments that are originally associated with pathnames without symlinks, and that can point to tables created at a future time at which a pathname is modified to contain a symlink to a subdirectory of the MySQL home data directory. NOTE: this vulnerability exists because of an incomplete fix for CVE-2008-4097.

Credit: secalert@redhat.com

Affected Software	Affected Version	How to fix
redhat/mysql	<0:4.1.22-2.el4_8.3	0:4.1.22-2.el4_8.3
Ubuntu Linux	=6.06
Ubuntu Linux	=7.10
Ubuntu Linux	=8.04
Ubuntu Linux	=8.10
Ubuntu Linux	=9.04
Ubuntu Linux	=9.10
Debian Debian Linux	=5.0
MySQL Server	=5.0.0
MySQL Server	=5.0.1
MySQL Server	=5.0.2
MySQL Server	=5.0.3
MySQL Server	=5.0.4
MySQL Server	=5.0.5
MySQL Server	=5.0.10
MySQL Server	=5.0.15
MySQL Server	=5.0.16
MySQL Server	=5.0.17
MySQL Server	=5.0.20
MySQL Server	=5.0.24
MySQL Server	=5.0.30
MySQL Server	=5.0.36
MySQL Server	=5.0.44
MySQL Server	=5.0.54
MySQL Server	=5.0.56
MySQL Server	=5.0.60
MySQL Server	=5.0.66
MySQL	=5.0.23
MySQL	=5.0.25
MySQL	=5.0.26
MySQL	=5.0.28
MySQL	=5.0.30-sp1
MySQL	=5.0.32
MySQL	=5.0.34
MySQL	=5.0.36-sp1
MySQL	=5.0.38
MySQL	=5.0.40
MySQL	=5.0.41
MySQL	=5.0.42
MySQL	=5.0.44-sp1
MySQL	=5.0.45
MySQL	=5.0.46
MySQL	=5.0.48
MySQL	=5.0.50
MySQL	=5.0.50-sp1
MySQL	=5.0.51
MySQL	=5.0.52
MySQL	=5.0.56-sp1
MySQL	=5.0.58
MySQL	=5.0.60-sp1
MySQL	=5.0.62
MySQL	=5.0.64
MySQL	=5.0.66-sp1

Remedy

http://bugs.mysql.com/bug.php?id=32167

Never miss a vulnerability like this again

Reference Links

Parent vulnerabilities

(Appears in the following advisories)

RHSA-2010:0110

Frequently Asked Questions

What is the severity of CVE-2008-4098?
CVE-2008-4098 has been classified as a moderate severity vulnerability.
How do I fix CVE-2008-4098?
To mitigate CVE-2008-4098, it is recommended to upgrade MySQL to version 5.0.67 or later.
What software is affected by CVE-2008-4098?
CVE-2008-4098 affects MySQL versions before 5.0.67 and specific distributions of Linux including Red Hat and Ubuntu.
Can CVE-2008-4098 be exploited remotely?
No, CVE-2008-4098 can only be exploited by local users on the affected system.
What is the impact of CVE-2008-4098 on MySQL databases?
CVE-2008-4098 allows local users to bypass certain privilege checks, potentially leading to unauthorized access to data.

agent/type
agent/first-publish-date
collector/redhat-bugzilla
source/Red Hat
alias/CVE-2008-4098
agent/references
agent/author
agent/weakness
agent/remedy
agent/severity
agent/description
collector/redhat-cve
agent/software-canonical-lookup
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/event
agent/trending
agent/source
agent/tags
agent/softwarecombine
collector/nvd-index
agent/software-canonical-lookup-request
collector/nvd-historical
package-manager/redhat
vendor/canonical
canonical/ubuntu linux
version/ubuntu linux/6.06
version/ubuntu linux/7.10
version/ubuntu linux/8.04
version/ubuntu linux/8.10
version/ubuntu linux/9.04
version/ubuntu linux/9.10
vendor/debian
canonical/debian debian linux
version/debian debian linux/5.0
vendor/mysql
canonical/mysql server
version/mysql server/5.0.0
version/mysql server/5.0.1
version/mysql server/5.0.2
version/mysql server/5.0.3
version/mysql server/5.0.4
version/mysql server/5.0.5
version/mysql server/5.0.10
version/mysql server/5.0.15
version/mysql server/5.0.16
version/mysql server/5.0.17
version/mysql server/5.0.20
version/mysql server/5.0.24
version/mysql server/5.0.30
version/mysql server/5.0.36
version/mysql server/5.0.44
version/mysql server/5.0.54
version/mysql server/5.0.56
version/mysql server/5.0.60
version/mysql server/5.0.66
vendor/oracle
canonical/mysql
version/mysql/5.0.23
version/mysql/5.0.25
version/mysql/5.0.26
version/mysql/5.0.28
version/mysql/5.0.30-sp1
version/mysql/5.0.32
version/mysql/5.0.34
version/mysql/5.0.36-sp1
version/mysql/5.0.38
version/mysql/5.0.40
version/mysql/5.0.41
version/mysql/5.0.42
version/mysql/5.0.44-sp1
version/mysql/5.0.45
version/mysql/5.0.46
version/mysql/5.0.48
version/mysql/5.0.50
version/mysql/5.0.50-sp1
version/mysql/5.0.51
version/mysql/5.0.52
version/mysql/5.0.56-sp1
version/mysql/5.0.58
version/mysql/5.0.60-sp1
version/mysql/5.0.62
version/mysql/5.0.64
version/mysql/5.0.66-sp1

CVE-2008-4098

Remedy

Never miss a vulnerability like this again

Reference Links

Parent vulnerabilities

Frequently Asked Questions

What is the severity of CVE-2008-4098?

How do I fix CVE-2008-4098?

What software is affected by CVE-2008-4098?

Can CVE-2008-4098 be exploited remotely?

What is the impact of CVE-2008-4098 on MySQL databases?

Company

Resources

Contact

Frequently Asked Questions

What is the severity of CVE-2008-4098?

How do I fix CVE-2008-4098?

What software is affected by CVE-2008-4098?

Can CVE-2008-4098 be exploited remotely?

What is the impact of CVE-2008-4098 on MySQL databases?