The vio_verify_callback function in viosslfactories.c in MySQL
5.0.x before 5.0.88 and 5.1.x before 5.1.41, when OpenSSL is used,
accepts a value of zero for the depth of X.509 certificates, which
allows man-in-the-middle attackers to spoof arbitrary SSL-based MySQL
servers via a crafted certificate, as demonstrated by a certificate
presented by a server linked against the yaSSL library (CVE-2009-4028).
MySQL 5.1.x before 5.1.41 allows local users to bypass certain
privilege checks by calling CREATE TABLE on a MyISAM table with
modified (1) DATA DIRECTORY or (2) INDEX DIRECTORY arguments
that are originally associated with pathnames without symlinks,
and that can point to tables created at a future time at which a
pathname is modified to contain a symlink to a subdirectory of the
MySQL data home directory, related to incorrect calculation of the
mysql_unpacked_real_data_home value. NOTE: this vulnerability exists
because of an incomplete fix for CVE-2008-4098 and CVE-2008-2079
(CVE-2009-4030).
