CVE-2008-4097

Name of the Vulnerable Software and Affected Versions MySQL version 5.0.51a

Description The issue allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified DATA DIRECTORY or INDEX DIRECTORY arguments associated with symlinks within pathnames for subdirectories of the MySQL home data directory. These symlinks are followed when tables are created in the future.

Recommendations For MySQL version 5.0.51a, consider restricting the use of CREATE TABLE statements with modified DATA DIRECTORY or INDEX DIRECTORY arguments to minimize the risk of exploitation. Additionally, avoid using symlinks within pathnames for subdirectories of the MySQL home data directory until a fix is available. At the moment, there is no information about a newer version that contains a fix for this issue.