CVE ID:	CVE-2008-2079
Description:	MySQL 4.1.x before 4.1.24, 5.0.x before 5.0.60, 5.1.x before 5.1.24, and 6.0.x before 6.0.5 allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified (1) DATA DIRECTORY or (2) INDEX DIRECTORY arguments that are within the MySQL home data directory, which can point to tables that are created in the future.
Test IDs:	1.3.6.1.4.1.25623.1.0.100156   1.3.6.1.4.1.25623.1.0.61314   1.3.6.1.4.1.25623.1.0.66714   1.3.6.1.4.1.25623.1.0.62883   1.3.6.1.4.1.25623.1.0.66713   1.3.6.1.4.1.25623.1.0.61599   1.3.6.1.4.1.25623.1.0.63872   1.3.6.1.4.1.25623.1.0.63095   1.3.6.1.4.1.25623.1.0.61618
Cross References:	Common Vulnerability Exposure (CVE) ID: CVE-2008-2079 1019995 http://www.securitytracker.com/id?1019995 29106 http://www.securityfocus.com/bid/29106 30134 http://secunia.com/advisories/30134 31066 http://secunia.com/advisories/31066 31226 http://secunia.com/advisories/31226 31681 http://www.securityfocus.com/bid/31681 31687 http://secunia.com/advisories/31687 32222 http://secunia.com/advisories/32222 32769 http://secunia.com/advisories/32769 36566 http://secunia.com/advisories/36566 36701 http://secunia.com/advisories/36701 ADV-2008-1472 http://www.vupen.com/english/advisories/2008/1472/references ADV-2008-2780 http://www.vupen.com/english/advisories/2008/2780 APPLE-SA-2008-10-09 http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html APPLE-SA-2009-09-10-2 http://lists.apple.com/archives/security-announce/2009/Sep/msg00004.html DSA-1608 http://www.debian.org/security/2008/dsa-1608 MDVSA-2008:149 http://www.mandriva.com/security/advisories?name=MDVSA-2008:149 MDVSA-2008:150 http://www.mandriva.com/security/advisories?name=MDVSA-2008:150 RHSA-2008:0505 http://www.redhat.com/support/errata/RHSA-2008-0505.html RHSA-2008:0510 http://www.redhat.com/support/errata/RHSA-2008-0510.html RHSA-2008:0768 http://www.redhat.com/support/errata/RHSA-2008-0768.html RHSA-2009:1289 http://www.redhat.com/support/errata/RHSA-2009-1289.html SUSE-SR:2008:017 http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html USN-671-1 http://www.ubuntu.com/usn/USN-671-1 http://bugs.mysql.com/bug.php?id=32167 http://bugs.mysql.com/bug.php?id=32167 http://dev.mysql.com/doc/refman/4.1/en/news-4-1-24.html http://dev.mysql.com/doc/refman/4.1/en/news-4-1-24.html http://dev.mysql.com/doc/refman/5.0/en/releasenotes-es-5-0-60.html http://dev.mysql.com/doc/refman/5.0/en/releasenotes-es-5-0-60.html http://dev.mysql.com/doc/refman/5.1/en/news-5-1-24.html http://dev.mysql.com/doc/refman/5.1/en/news-5-1-24.html http://dev.mysql.com/doc/refman/6.0/en/news-6-0-5.html http://dev.mysql.com/doc/refman/6.0/en/news-6-0-5.html http://support.apple.com/kb/HT3216 http://support.apple.com/kb/HT3216 http://support.apple.com/kb/HT3865 http://support.apple.com/kb/HT3865 mysql-myisam-security-bypass(42267) https://exchange.xforce.ibmcloud.com/vulnerabilities/42267 oval:org.mitre.oval:def:10133 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10133