Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 2.1
CVE Id CVE-2012-4452
Last Modified 14 Jan 2013 11:33:29
Published 09 Oct 2012 07:55:05
Confidentiality Impact NONE
Integrity Impact PARTIAL
Availability Impact NONE
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2012-4452

Summary

MySQL 5.0.88, and possibly other versions and platforms, allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified (1) DATA DIRECTORY or (2) INDEX DIRECTORY arguments that are originally associated with pathnames without symlinks, and that can point to tables created at a future time at which a pathname is modified to contain a symlink to a subdirectory of the MySQL data home directory, related to incorrect calculation of the mysql_unpacked_real_data_home value. NOTE: this vulnerability exists because of a CVE-2009-4030 regression, which was not omitted in other packages and versions such as MySQL 5.0.95 in Red Hat Enterprise Linux 6.

Vulnerable Systems

Application

  • MySQL 5.0.88

  • Oracle MySQL 5.0.88


References

CONFIRM - https://bugzilla.redhat.com/show_bug.cgi?id=860808

BID - 55715

MLIST - [oss-security] 20120927 CVE-2009-4030 regression in mysql

REDHAT - RHSA-2013:0121

Related Patches

Red Hat 2013:0121-01 RHSA Low: mysql security and bug fix update for RHEL 5 x86


Last Updated: 27 May 2016 11:00:54