Unrated severityNVD Advisory· Published May 5, 2008· Updated Jun 16, 2026
CVE-2008-2079
CVE-2008-2079
Description
MySQL 4.1.x before 4.1.24, 5.0.x before 5.0.60, 5.1.x before 5.1.24, and 6.0.x before 6.0.5 allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified (1) DATA DIRECTORY or (2) INDEX DIRECTORY arguments that are within the MySQL home data directory, which can point to tables that are created in the future.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
26cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:lts:*:*:*+ 2 more
- cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:7.10:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:lts:*:*:*
- osv-coords19 versionspkg:rpm/opensuse/mariadb&distro=openSUSE%20Tumbleweedpkg:rpm/suse/lz4&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5pkg:rpm/suse/lz4&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5pkg:rpm/suse/lz4&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP5pkg:rpm/suse/mariadb104&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP1-LTSSpkg:rpm/suse/mariadb104&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5pkg:rpm/suse/mariadb104&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP1-LTSSpkg:rpm/suse/mariadb104&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5pkg:rpm/suse/mariadb104&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP1pkg:rpm/suse/mariadb104&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP5pkg:rpm/suse/mariadb-connector-c&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5pkg:rpm/suse/mariadb-connector-c&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5pkg:rpm/suse/mariadb-connector-c&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP5pkg:rpm/suse/python-mysqlclient&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP1-LTSSpkg:rpm/suse/python-mysqlclient&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5pkg:rpm/suse/python-mysqlclient&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP1-LTSSpkg:rpm/suse/python-mysqlclient&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5pkg:rpm/suse/python-mysqlclient&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP1pkg:rpm/suse/python-mysqlclient&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP5
< 10.6.4-2.1+ 18 more
- (no CPE)range: < 10.6.4-2.1
- (no CPE)range: < 1.8.0-3.5.2
- (no CPE)range: < 1.8.0-3.5.2
- (no CPE)range: < 1.8.0-3.5.2
- (no CPE)range: < 10.4.30-150100.3.5.10
- (no CPE)range: < 10.4.30-8.5.46
- (no CPE)range: < 10.4.30-150100.3.5.10
- (no CPE)range: < 10.4.30-8.5.46
- (no CPE)range: < 10.4.30-150100.3.5.10
- (no CPE)range: < 10.4.30-8.5.46
- (no CPE)range: < 3.1.22-2.35.1
- (no CPE)range: < 3.1.22-2.35.1
- (no CPE)range: < 3.1.22-2.35.1
- (no CPE)range: < 1.4.6-150100.3.3.7
- (no CPE)range: < 1.3.14-8.9.2
- (no CPE)range: < 1.4.6-150100.3.3.7
- (no CPE)range: < 1.3.14-8.9.2
- (no CPE)range: < 1.4.6-150100.3.3.7
- (no CPE)range: < 1.3.14-8.9.2
Patches
Vulnerability mechanics
References
33- www.securityfocus.com/bid/29106nvdPatchThird Party AdvisoryVDB Entry
- www.securityfocus.com/bid/31681nvdPatchThird Party AdvisoryVDB Entry
- bugs.mysql.com/bug.phpnvdExploitPatchVendor Advisory
- dev.mysql.com/doc/refman/4.1/en/news-4-1-24.htmlnvdVendor Advisory
- dev.mysql.com/doc/refman/5.0/en/releasenotes-es-5-0-60.htmlnvdVendor Advisory
- dev.mysql.com/doc/refman/5.1/en/news-5-1-24.htmlnvdVendor Advisory
- dev.mysql.com/doc/refman/6.0/en/news-6-0-5.htmlnvdVendor Advisory
- lists.apple.com/archives/security-announce/2008/Oct/msg00001.htmlnvdMailing ListThird Party Advisory
- lists.apple.com/archives/security-announce/2009/Sep/msg00004.htmlnvdMailing ListThird Party Advisory
- lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.htmlnvdThird Party Advisory
- secunia.com/advisories/30134nvdThird Party Advisory
- secunia.com/advisories/31066nvdThird Party Advisory
- secunia.com/advisories/31226nvdThird Party Advisory
- secunia.com/advisories/31687nvdThird Party Advisory
- secunia.com/advisories/32222nvdThird Party Advisory
- secunia.com/advisories/32769nvdThird Party Advisory
- secunia.com/advisories/36566nvdThird Party Advisory
- secunia.com/advisories/36701nvdThird Party Advisory
- support.apple.com/kb/HT3216nvdThird Party Advisory
- support.apple.com/kb/HT3865nvdThird Party Advisory
- www.debian.org/security/2008/dsa-1608nvdThird Party Advisory
- www.mandriva.com/security/advisoriesnvdThird Party Advisory
- www.mandriva.com/security/advisoriesnvdThird Party Advisory
- www.redhat.com/support/errata/RHSA-2008-0505.htmlnvdThird Party Advisory
- www.redhat.com/support/errata/RHSA-2008-0510.htmlnvdThird Party Advisory
- www.redhat.com/support/errata/RHSA-2008-0768.htmlnvdThird Party Advisory
- www.redhat.com/support/errata/RHSA-2009-1289.htmlnvdThird Party Advisory
- www.securitytracker.com/idnvdThird Party AdvisoryVDB Entry
- www.ubuntu.com/usn/USN-671-1nvdThird Party Advisory
- www.vupen.com/english/advisories/2008/1472/referencesnvdThird Party Advisory
- www.vupen.com/english/advisories/2008/2780nvdThird Party Advisory
- exchange.xforce.ibmcloud.com/vulnerabilities/42267nvdThird Party AdvisoryVDB Entry
- oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10133nvdThird Party Advisory
News mentions
0No linked articles in our index yet.