CVE-2012-4452
Summary
| CVE | CVE-2012-4452 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2012-10-09 23:55:00 UTC |
| Updated | 2023-11-07 02:11:00 UTC |
| Description | MySQL 5.0.88, and possibly other versions and platforms, allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified (1) DATA DIRECTORY or (2) INDEX DIRECTORY arguments that are originally associated with pathnames without symlinks, and that can point to tables created at a future time at which a pathname is modified to contain a symlink to a subdirectory of the MySQL data home directory, related to incorrect calculation of the mysql_unpacked_real_data_home value. NOTE: this vulnerability exists because of a CVE-2009-4030 regression, which was not omitted in other packages and versions such as MySQL 5.0.95 in Red Hat Enterprise Linux 6. |
Risk And Classification
Problem Types: CWE-264
NVD Known Affected Configurations (CPE 2.3)
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| MySQL MyISAM Table Symbolic Link CVE-2012-4452 Local Privilege Escalation Vulnerability | BID | www.securityfocus.com | |
| Red Hat Customer Portal | REDHAT | rhn.redhat.com | |
| 860808 – (CVE-2012-4452) CVE-2012-4452 mysql: regression of CVE-2009-4030 | CONFIRM | bugzilla.redhat.com | |
| oss-security - CVE-2009-4030 regression in mysql | MLIST | www.openwall.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.