mysql: privilege escalation

Package(s): mysql
CVE #(s): CVE-2008-2079
Created: July 2, 2008
Updated: November 18, 2008
Description: From the Red Hat advisory: MySQL did not correctly check directories used as arguments for the DATA DIRECTORY and INDEX DIRECTORY directives. Using this flaw, an authenticated attacker could elevate their access privileges to tables created by other database users. Note: this attack does not work on existing tables. An attacker can only elevate their access to another user's tables as the tables are created. As well, the names of these created tables need to be predicted correctly for this attack to succeed.

Version 5.0.50sp1a fixes the problem.

Alerts:
SuSE SUSE-SA:2008:041 2008-08-14
Red Hat RHSA-2008:0768-01 2008-07-24
Mandriva MDVSA-2008:149 2008-07-19
Mandriva MDVSA-2008:150 2007-07-19
Debian DSA-1608-1 2008-07-13
Red Hat RHSA-2008:0510-01 2008-07-02
SuSE SUSE-SR:2008:017 2008-08-29
Gentoo 200809-04 2008-09-04
Ubuntu USN-671-1 2008-11-17

Copyright © 2008, Eklektix, Inc.