CVE-2008-4097

N/A Unknown
Published: September 18, 2008 Modified: April 23, 2026
View on NVD

Description

MySQL 5.0.51a allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified (1) DATA DIRECTORY or (2) INDEX DIRECTORY arguments that are associated with symlinks within pathnames for subdirectories of the MySQL home data directory, which are followed when tables are created in the future. NOTE: this vulnerability exists because of an incomplete fix for CVE-2008-2079.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

Login to generate AI explanation

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=480292#25
Source: secalert@redhat.com
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00001.html
Source: secalert@redhat.com
Third Party Advisory
http://secunia.com/advisories/32759
Source: secalert@redhat.com
Vendor Advisory
http://secunia.com/advisories/32769
Source: secalert@redhat.com
Broken Link Not Applicable
http://www.mandriva.com/security/advisories?name=MDVSA-2009:094
Source: secalert@redhat.com
Broken Link
http://www.openwall.com/lists/oss-security/2008/09/09/20
Source: secalert@redhat.com
Mailing List
http://www.openwall.com/lists/oss-security/2008/09/16/3
Source: secalert@redhat.com
Mailing List
http://www.ubuntu.com/usn/USN-671-1
Source: secalert@redhat.com
Third Party Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/45648
Source: secalert@redhat.com
VDB Entry
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=480292#25
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00001.html
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://secunia.com/advisories/32759
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://secunia.com/advisories/32769
Source: af854a3a-2127-422b-91ae-364da2661108
Broken Link Not Applicable
http://www.mandriva.com/security/advisories?name=MDVSA-2009:094
Source: af854a3a-2127-422b-91ae-364da2661108
Broken Link
http://www.openwall.com/lists/oss-security/2008/09/09/20
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing List
http://www.openwall.com/lists/oss-security/2008/09/16/3
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing List
http://www.ubuntu.com/usn/USN-671-1
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/45648
Source: af854a3a-2127-422b-91ae-364da2661108
VDB Entry

18 reference(s) from NVD

Quick Stats

CVSS v3 Score
N/A / 10.0
Exploitation Status
Not in CISA KEV

Weaknesses (CWE)

CWE-264

Affected Vendors

oracle

Related CVEs

CVE-2026-41279 N/A
CVE-2026-41278 N/A
CVE-2026-41277 N/A
CVE-2026-41276 N/A
CVE-2026-41275 N/A