VYPR
← All advisories
Unrated severityNVD Advisory· Published Sep 18, 2008· Updated Apr 23, 2026

CVE-2008-4098

CVE-2008-4098

Description

MySQL before 5.0.67 allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified (1) DATA DIRECTORY or (2) INDEX DIRECTORY arguments that are originally associated with pathnames without symlinks, and that can point to tables created at a future time at which a pathname is modified to contain a symlink to a subdirectory of the MySQL home data directory. NOTE: this vulnerability exists because of an incomplete fix for CVE-2008-4097.

Affected products

52
  • MySQL/MySQL19 versions
    cpe:2.3:a:mysql:mysql:5.0.0:*:*:*:*:*:*:*+ 18 more
    • cpe:2.3:a:mysql:mysql:5.0.0:*:*:*:*:*:*:*
    • cpe:2.3:a:mysql:mysql:5.0.1:*:*:*:*:*:*:*
    • cpe:2.3:a:mysql:mysql:5.0.10:*:*:*:*:*:*:*
    • cpe:2.3:a:mysql:mysql:5.0.15:*:*:*:*:*:*:*
    • cpe:2.3:a:mysql:mysql:5.0.16:*:*:*:*:*:*:*
    • cpe:2.3:a:mysql:mysql:5.0.17:*:*:*:*:*:*:*
    • cpe:2.3:a:mysql:mysql:5.0.2:*:*:*:*:*:*:*
    • cpe:2.3:a:mysql:mysql:5.0.20:*:*:*:*:*:*:*
    • cpe:2.3:a:mysql:mysql:5.0.24:*:*:*:*:*:*:*
    • cpe:2.3:a:mysql:mysql:5.0.3:*:*:*:*:*:*:*
    • cpe:2.3:a:mysql:mysql:5.0.30:*:*:*:*:*:*:*
    • cpe:2.3:a:mysql:mysql:5.0.36:*:*:*:*:*:*:*
    • cpe:2.3:a:mysql:mysql:5.0.4:*:*:*:*:*:*:*
    • cpe:2.3:a:mysql:mysql:5.0.44:*:*:*:*:*:*:*
    • cpe:2.3:a:mysql:mysql:5.0.5:*:*:*:*:*:*:*
    • cpe:2.3:a:mysql:mysql:5.0.54:*:*:*:*:*:*:*
    • cpe:2.3:a:mysql:mysql:5.0.56:*:*:*:*:*:*:*
    • cpe:2.3:a:mysql:mysql:5.0.60:*:*:*:*:*:*:*
    • cpe:2.3:a:mysql:mysql:5.0.66:*:*:*:*:*:*:*
  • Oracle Corporation/MySQL26 versions
    cpe:2.3:a:oracle:mysql:5.0.23:*:*:*:*:*:*:*+ 25 more
    • cpe:2.3:a:oracle:mysql:5.0.23:*:*:*:*:*:*:*
    • cpe:2.3:a:oracle:mysql:5.0.25:*:*:*:*:*:*:*
    • cpe:2.3:a:oracle:mysql:5.0.26:*:*:*:*:*:*:*
    • cpe:2.3:a:oracle:mysql:5.0.28:*:*:*:*:*:*:*
    • cpe:2.3:a:oracle:mysql:5.0.30:sp1:*:*:*:*:*:*
    • cpe:2.3:a:oracle:mysql:5.0.32:*:*:*:*:*:*:*
    • cpe:2.3:a:oracle:mysql:5.0.34:*:*:*:*:*:*:*
    • cpe:2.3:a:oracle:mysql:5.0.36:sp1:*:*:*:*:*:*
    • cpe:2.3:a:oracle:mysql:5.0.38:*:*:*:*:*:*:*
    • cpe:2.3:a:oracle:mysql:5.0.40:*:*:*:*:*:*:*
    • cpe:2.3:a:oracle:mysql:5.0.41:*:*:*:*:*:*:*
    • cpe:2.3:a:oracle:mysql:5.0.42:*:*:*:*:*:*:*
    • cpe:2.3:a:oracle:mysql:5.0.44:sp1:*:*:*:*:*:*
    • cpe:2.3:a:oracle:mysql:5.0.45:*:*:*:*:*:*:*
    • cpe:2.3:a:oracle:mysql:5.0.46:*:*:*:*:*:*:*
    • cpe:2.3:a:oracle:mysql:5.0.48:*:*:*:*:*:*:*
    • cpe:2.3:a:oracle:mysql:5.0.50:*:*:*:*:*:*:*
    • cpe:2.3:a:oracle:mysql:5.0.50:sp1:*:*:*:*:*:*
    • cpe:2.3:a:oracle:mysql:5.0.51:*:*:*:*:*:*:*
    • cpe:2.3:a:oracle:mysql:5.0.52:*:*:*:*:*:*:*
    • cpe:2.3:a:oracle:mysql:5.0.56:sp1:*:*:*:*:*:*
    • cpe:2.3:a:oracle:mysql:5.0.58:*:*:*:*:*:*:*
    • cpe:2.3:a:oracle:mysql:5.0.60:sp1:*:*:*:*:*:*
    • cpe:2.3:a:oracle:mysql:5.0.62:*:*:*:*:*:*:*
    • cpe:2.3:a:oracle:mysql:5.0.64:*:*:*:*:*:*:*
    • cpe:2.3:a:oracle:mysql:5.0.66:sp1:*:*:*:*:*:*
  • Canonical/Ubuntu Linux6 versions
    cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:lts:*:*:*+ 5 more
    • cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:lts:*:*:*
    • cpe:2.3:o:canonical:ubuntu_linux:7.10:*:*:*:*:*:*:*
    • cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:lts:*:*:*
    • cpe:2.3:o:canonical:ubuntu_linux:8.10:*:*:*:*:*:*:*
    • cpe:2.3:o:canonical:ubuntu_linux:9.04:*:*:*:*:*:*:*
    • cpe:2.3:o:canonical:ubuntu_linux:9.10:*:*:*:*:*:*:*
  • Debian/Debian Linux
    cpe:2.3:o:debian:debian_linux:5.0:*:*:*:*:*:*:*

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

18

News mentions

0

No linked articles in our index yet.