CVE 2008-4098
MySQL before 5.0.67 allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified (1) DATA DIRECTORY or (2) INDEX DIRECTORY arguments that are originally associated with pathnames without symlinks, and that can point to tables created at a future time at which a pathname is modified to contain a symlink to a subdirectory of the MySQL home data directory. NOTE: this vulnerability exists because of an incomplete fix for CVE-2008-4097.
Related bugs and status
CVE-2008-4098 (Candidate) is related to these bugs:
Bug #323755: server-cert.pem expired: "Not After : Jan 27 08:54:13 2009 GMT" - ssl related test suites fails because of expired certificates
Bug #937869: MySQL security update tracking bug
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 937869 | MySQL security update tracking bug | mysql-5.1 (Ubuntu) | Undecided | Fix Released | ||
| 937869 | MySQL security update tracking bug | mysql-5.1 (Ubuntu Maverick) | Undecided | Fix Released | ||
| 937869 | MySQL security update tracking bug | mysql-5.1 (Ubuntu Natty) | Undecided | Fix Released | ||
| 937869 | MySQL security update tracking bug | mysql-5.1 (Ubuntu Oneiric) | Undecided | Fix Released | ||
| 937869 | MySQL security update tracking bug | mysql-dfsg-5.1 (Ubuntu) | Undecided | Fix Released | ||
| 937869 | MySQL security update tracking bug | mysql-dfsg-5.1 (Ubuntu Maverick) | Undecided | Invalid | ||
| 937869 | MySQL security update tracking bug | mysql-dfsg-5.1 (Ubuntu Natty) | Undecided | Invalid | ||
| 937869 | MySQL security update tracking bug | mysql-dfsg-5.1 (Ubuntu Oneiric) | Undecided | Invalid | ||
| 937869 | MySQL security update tracking bug | mysql-5.1 (Ubuntu Lucid) | Undecided | Invalid | ||
| 937869 | MySQL security update tracking bug | mysql-dfsg-5.1 (Ubuntu Lucid) | Undecided | Fix Released | ||
| 937869 | MySQL security update tracking bug | mysql-dfsg-5.0 (Ubuntu) | Undecided | Fix Released | ||
| 937869 | MySQL security update tracking bug | mysql-dfsg-5.0 (Ubuntu Lucid) | Undecided | Invalid | ||
| 937869 | MySQL security update tracking bug | mysql-dfsg-5.0 (Ubuntu Maverick) | Undecided | Invalid | ||
| 937869 | MySQL security update tracking bug | mysql-dfsg-5.0 (Ubuntu Natty) | Undecided | Invalid | ||
| 937869 | MySQL security update tracking bug | mysql-dfsg-5.0 (Ubuntu Oneiric) | Undecided | Invalid | ||
| 937869 | MySQL security update tracking bug | mysql-5.1 (Ubuntu Hardy) | Undecided | Invalid | ||
| 937869 | MySQL security update tracking bug | mysql-dfsg-5.0 (Ubuntu Hardy) | Undecided | Fix Released | ||
| 937869 | MySQL security update tracking bug | mysql-dfsg-5.1 (Ubuntu Hardy) | Undecided | Invalid | ||
See the 
CVE page on Mitre.org
for more details.
