CVE-2008-2079

Publication date 5 May 2008

Last updated 24 July 2024

MySQL 4.1.x before 4.1.24, 5.0.x before 5.0.60, 5.1.x before 5.1.24, and 6.0.x before 6.0.5 allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified (1) DATA DIRECTORY or (2) INDEX DIRECTORY arguments that are within the MySQL home data directory, which can point to tables that are created in the future.

Status

Show unmaintained releases

Package	Ubuntu Release	Status
mysql-dfsg-5.0	8.10 intrepid	Not affected
	8.04 LTS hardy	Fixed 5.0.51a-3ubuntu5.4
	7.10 gutsy	Fixed 5.0.45-1ubuntu3.4
	7.04 feisty	Ignored
	6.06 LTS dapper	Fixed 5.0.22-0ubuntu6.06.11

How can I get the fixes?
What do statuses mean?

References

MITRE
NVD
Launchpad
Debian

Related Ubuntu Security Notices (USN)

USN-671-1
MySQL vulnerabilities
17 November 2008

Other references

https://www.cve.org/CVERecord?id=CVE-2008-2079