MySQL 4.1.x before 4.1.24, 5.0.x before 5.0.60, 5.1.x before 5.1.24, and 6.0.x before 6.0.5 allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified (1) DATA DIRECTORY or (2) INDEX DIRECTORY arguments that are within the MySQL home data directory, which can point to tables that are created in the future.
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2079 IDENTIFIER = WIND00123874
WIND00123875.zip for 2.0
WIND00123878.zip for 1.5
WIND00123877.zip for 1.4
1. Unzip the patch under [install_dir]/updates
2. Install the patch CD by entering the patch CD directory and run setup_linux.
3. This is a source only patch so you will have to build the kernel
4. Issue a make fs and make the kernel in a configured directory.
5. Upload the kernel and rootfs into the target and boot it up.
