 |
Home ▼ Bookkeeping
Online ▼ Security
Audits ▼
Managed
DNS ▼
About
Order
FAQ
Acceptable Use Policy
Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password Network
Monitor ▼
Enterprise Package
Advanced Package
Standard Package
Free Trial
FAQ
Price/Feature Summary
Order/Renew
Examples
Configure/Status Alert Profiles | ||
| CVE ID: | CVE-2012-4452 |
| Description: | MySQL 5.0.88, and possibly other versions and platforms, allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified (1) DATA DIRECTORY or (2) INDEX DIRECTORY arguments that are originally associated with pathnames without symlinks, and that can point to tables created at a future time at which a pathname is modified to contain a symlink to a subdirectory of the MySQL data home directory, related to incorrect calculation of the mysql_unpacked_real_data_home value. NOTE: this vulnerability exists because of a CVE-2009-4030 regression, which was not omitted in other packages and versions such as MySQL 5.0.95 in Red Hat Enterprise Linux 6. |
| Test IDs: | 1.3.6.1.4.1.25623.1.0.123757 |
| Cross References: |
Common Vulnerability Exposure (CVE) ID: CVE-2012-4452 55715 http://www.securityfocus.com/bid/55715 RHSA-2013:0121 http://rhn.redhat.com/errata/RHSA-2013-0121.html [oss-security] 20120927 CVE-2009-4030 regression in mysql http://www.openwall.com/lists/oss-security/2012/09/27/1 https://bugzilla.redhat.com/show_bug.cgi?id=860808 https://bugzilla.redhat.com/show_bug.cgi?id=860808 |