Test ID:	1.3.6.1.4.1.25623.1.0.100156
Category:	Databases
Title:	MySQL MyISAM Table Privileges Secuity Bypass Vulnerability
Summary:	Determine if MySQL is vulnerable to Table Privileges Secuity Bypass
Description:	Overview: According to its version number, the remote version of MySQL is prone to a security-bypass vulnerability. An attacker can exploit this issue to gain access to table files created by other users, bypassing certain security restrictions. NOTE 1: This issue was also assigned CVE-2008-4097 because CVE-2008-2079 was incompletely fixed, allowing symlink attacks. NOTE 2: CVE-2008-4098 was assigned because fixes for the vector described in CVE-2008-4097 can also be bypassed. This issue affects versions prior to MySQL 4 (prior to 4.1.24) and MySQL 5 (prior to 5.0.60). Solution: Updates are available. Update to newer Version. See also: http://www.securityfocus.com/bid/29106
Cross-Ref:	BugTraq ID: 29106 Common Vulnerability Exposure (CVE) ID: CVE-2008-2079 http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html http://lists.apple.com/archives/security-announce/2009/Sep/msg00004.html Debian Security Information: DSA-1608 (Google Search) http://www.debian.org/security/2008/dsa-1608 http://www.mandriva.com/security/advisories?name=MDVSA-2008:149 http://www.mandriva.com/security/advisories?name=MDVSA-2008:150 http://www.redhat.com/support/errata/RHSA-2008-0505.html http://www.redhat.com/support/errata/RHSA-2008-0510.html http://www.redhat.com/support/errata/RHSA-2008-0768.html http://www.redhat.com/support/errata/RHSA-2009-1289.html SuSE Security Announcement: SUSE-SR:2008:017 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html http://www.ubuntu.com/usn/USN-671-1 http://www.securityfocus.com/bid/29106 BugTraq ID: 31681 http://www.securityfocus.com/bid/31681 http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10133 http://secunia.com/advisories/36701 http://secunia.com/advisories/32769 http://secunia.com/advisories/36566 http://www.vupen.com/english/advisories/2008/1472/references http://www.vupen.com/english/advisories/2008/2780 http://www.securitytracker.com/id?1019995 http://secunia.com/advisories/30134 http://secunia.com/advisories/31066 http://secunia.com/advisories/31226 http://secunia.com/advisories/31687 http://secunia.com/advisories/32222 XForce ISS Database: mysql-myisam-security-bypass(42267) http://xforce.iss.net/xforce/xfdb/42267 Common Vulnerability Exposure (CVE) ID: CVE-2008-4097 http://www.openwall.com/lists/oss-security/2008/09/09/20 http://www.openwall.com/lists/oss-security/2008/09/16/3 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=480292#25 http://www.mandriva.com/security/advisories?name=MDVSA-2009:094 SuSE Security Announcement: SUSE-SR:2008:025 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00001.html http://secunia.com/advisories/32759 XForce ISS Database: mysql-myisam-symlinks-security-bypass(45648) http://xforce.iss.net/xforce/xfdb/45648 Common Vulnerability Exposure (CVE) ID: CVE-2008-4098 Debian Security Information: DSA-1662 (Google Search) http://www.debian.org/security/2008/dsa-1662 http://www.redhat.com/support/errata/RHSA-2009-1067.html http://www.redhat.com/support/errata/RHSA-2010-0110.html http://ubuntu.com/usn/usn-897-1 http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10591 http://secunia.com/advisories/38517 http://secunia.com/advisories/32578 XForce ISS Database: mysql-myisam-symlink-security-bypass(45649) http://xforce.iss.net/xforce/xfdb/45649
Copyright	This script is Copyright (C) 2009 Greenbone Networks GmbH

This is only one of 32582 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.

New User Registration Email: UserID: Passwd: Please email me your monthly newsletters, informing the latest services, improvements & surveys. Please email me a vulnerability test announcement whenever a new test is added.     Privacy

Registered User Login   UserID:     Passwd:     Forgot userid or passwd? Email/Userid: