Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2012-4452


Vulnerability Score 2.1 2.1
CVE Id CVE-2012-4452
Last Modified 14 Jan 2013 11:33:29
Published 09 Oct 2012 07:55:05
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector LOCAL
Access Complexity LOW
Authentication NONE



MySQL 5.0.88, and possibly other versions and platforms, allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified (1) DATA DIRECTORY or (2) INDEX DIRECTORY arguments that are originally associated with pathnames without symlinks, and that can point to tables created at a future time at which a pathname is modified to contain a symlink to a subdirectory of the MySQL data home directory, related to incorrect calculation of the mysql_unpacked_real_data_home value. NOTE: this vulnerability exists because of a CVE-2009-4030 regression, which was not omitted in other packages and versions such as MySQL 5.0.95 in Red Hat Enterprise Linux 6.

Vulnerable Systems


  • Mysql 5.0.88

  • Oracle Mysql 5.0.88



BID - 55715

MLIST - [oss-security] 20120927 CVE-2009-4030 regression in mysql

REDHAT - RHSA-2013:0121

Related Patches

Red Hat 2013:0121-01 RHSA Low: mysql security and bug fix update for RHEL 5 x86

Last Updated: 27 May 2016 11:00:54