Executive Summary
| Informations | |||
|---|---|---|---|
| Name | CVE-2012-4452 | First vendor Publication | 2012-10-09 |
| Vendor | Cve | Last vendor Modification | 2024-11-21 |
Security-Database Scoring CVSS v3
| Cvss vector : N/A | |||
|---|---|---|---|
| Overall CVSS Score | NA | ||
| Base Score | NA | Environmental Score | NA |
| impact SubScore | NA | Temporal Score | NA |
| Exploitabality Sub Score | NA | ||
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:L/AC:L/Au:N/C:N/I:P/A:N) | |||
|---|---|---|---|
| Cvss Base Score | 2.1 | Attack Range | Local |
| Cvss Impact Score | 2.9 | Attack Complexity | Low |
| Cvss Expoit Score | 3.9 | Authentication | None Required |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| MySQL 5.0.88, and possibly other versions and platforms, allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified (1) DATA DIRECTORY or (2) INDEX DIRECTORY arguments that are originally associated with pathnames without symlinks, and that can point to tables created at a future time at which a pathname is modified to contain a symlink to a subdirectory of the MySQL data home directory, related to incorrect calculation of the mysql_unpacked_real_data_home value. NOTE: this vulnerability exists because of a CVE-2009-4030 regression, which was not omitted in other packages and versions such as MySQL 5.0.95 in Red Hat Enterprise Linux 6. |
Original Source
| Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4452 |
CWE : Common Weakness Enumeration
| % | Id | Name |
|---|---|---|
| 100 % | CWE-264 | Permissions, Privileges, and Access Controls |
OVAL Definitions
| Definition Id: oval:org.mitre.oval:def:20470 | |||
| Oval ID: | oval:org.mitre.oval:def:20470 | ||
| Title: | RHSA-2013:0121: mysql security and bug fix update (Low) | ||
| Description: | MySQL 5.0.88, and possibly other versions and platforms, allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified (1) DATA DIRECTORY or (2) INDEX DIRECTORY arguments that are originally associated with pathnames without symlinks, and that can point to tables created at a future time at which a pathname is modified to contain a symlink to a subdirectory of the MySQL data home directory, related to incorrect calculation of the mysql_unpacked_real_data_home value. NOTE: this vulnerability exists because of a CVE-2009-4030 regression, which was not omitted in other packages and versions such as MySQL 5.0.95 in Red Hat Enterprise Linux 6. | ||
| Family: | unix | Class: | patch |
| Reference(s): | RHSA-2013:0121-00 CESA-2013:0121 CVE-2012-4452 | Version: | 4 |
| Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 | Product(s): | mysql |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:23174 | |||
| Oval ID: | oval:org.mitre.oval:def:23174 | ||
| Title: | ELSA-2013:0121: mysql security and bug fix update (Low) | ||
| Description: | MySQL 5.0.88, and possibly other versions and platforms, allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified (1) DATA DIRECTORY or (2) INDEX DIRECTORY arguments that are originally associated with pathnames without symlinks, and that can point to tables created at a future time at which a pathname is modified to contain a symlink to a subdirectory of the MySQL data home directory, related to incorrect calculation of the mysql_unpacked_real_data_home value. NOTE: this vulnerability exists because of a CVE-2009-4030 regression, which was not omitted in other packages and versions such as MySQL 5.0.95 in Red Hat Enterprise Linux 6. | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2013:0121-00 CVE-2012-4452 | Version: | 6 |
| Platform(s): | Oracle Linux 5 | Product(s): | mysql |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:26702 | |||
| Oval ID: | oval:org.mitre.oval:def:26702 | ||
| Title: | DEPRECATED: ELSA-2013-0121 -- mysql security and bug fix update (low) | ||
| Description: | [5.0.95-3] - Re-add patch for CVE-2009-4030, mistakenly removed in 5.0.95 rebase Resolves: CVE-2012-4452 [5.0.95-2] - Support rotation of mysqld log (though this is not enabled by default) Resolves: #647223 - Fix crash with EXPLAIN and prepared statements Resolves: #654000 - Adopt init script updates from the last Fedora init script (F-15) Resolves: #703476 | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2013-0121 CVE-2012-4452 | Version: | 4 |
| Platform(s): | Oracle Linux 5 | Product(s): | mysql |
| Definition Synopsis: | |||
CPE : Common Platform Enumeration
Nessus® Vulnerability Scanner
| Date | Description |
|---|---|
| 2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2013-0121.nasl - Type : ACT_GATHER_INFO |
| 2013-01-17 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2013-0121.nasl - Type : ACT_GATHER_INFO |
| 2013-01-17 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20130108_mysql_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
| 2013-01-08 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2013-0121.nasl - Type : ACT_GATHER_INFO |
| 2012-11-15 | Name : The remote database server is affected by a local user to bypass privilege ce... File : mysql_5_0_95_create_table_bypass.nasl - Type : ACT_GATHER_INFO |
| 2009-11-25 | Name : The remote database server is affected by multiple vulnerabilities. File : mysql_5_0_88.nasl - Type : ACT_GATHER_INFO |
Sources (Detail)
Alert History
| Date | Informations |
|---|---|
| 2024-11-28 22:59:31 |
|
| 2024-11-28 12:31:30 |
|
| 2023-11-07 21:46:39 |
|
| 2023-02-13 05:28:30 |
|
| 2021-05-04 12:21:35 |
|
| 2021-04-22 01:25:42 |
|
| 2020-11-10 01:08:32 |
|
| 2020-05-23 01:49:41 |
|
| 2020-05-23 00:34:39 |
|
| 2019-10-09 12:04:59 |
|
| 2019-10-09 01:05:10 |
|
| 2019-04-27 12:02:47 |
|
| 2016-04-26 22:14:12 |
|
| 2014-02-17 11:13:13 |
|
| 2013-05-10 22:45:55 |
|
| 2013-01-15 13:21:15 |
|
