Vulnerability Details : CVE-2012-4452
MySQL 5.0.88, and possibly other versions and platforms, allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified (1) DATA DIRECTORY or (2) INDEX DIRECTORY arguments that are originally associated with pathnames without symlinks, and that can point to tables created at a future time at which a pathname is modified to contain a symlink to a subdirectory of the MySQL data home directory, related to incorrect calculation of the mysql_unpacked_real_data_home value. NOTE: this vulnerability exists because of a CVE-2009-4030 regression, which was not omitted in other packages and versions such as MySQL 5.0.95 in Red Hat Enterprise Linux 6.
Exploit prediction scoring system (EPSS) score for CVE-2012-4452
Probability of exploitation activity in the next 30 days: 0.06%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 24 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2012-4452
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
2.1
|
LOW | AV:L/AC:L/Au:N/C:N/I:P/A:N |
3.9
|
2.9
|
NIST |
CWE ids for CVE-2012-4452
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2012-4452
-
http://rhn.redhat.com/errata/RHSA-2013-0121.html
RHSA-2013:0121 - Security Advisory - Red Hat Customer Portal
-
http://www.openwall.com/lists/oss-security/2012/09/27/1
oss-security - CVE-2009-4030 regression in mysql
-
http://www.securityfocus.com/bid/55715
MySQL MyISAM Table Symbolic Link CVE-2012-4452 Local Privilege Escalation Vulnerability
-
https://bugzilla.redhat.com/show_bug.cgi?id=860808
860808 – (CVE-2012-4452) CVE-2012-4452 mysql: regression of CVE-2009-4030
Products affected by CVE-2012-4452
- cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*