CVE-2009-4030 — Link Following in Oracle Mysql

CWE-59 — Link Following10 documents5 sources

Severity

4.4MEDIUMNVD

NVD2.1

EPSS

0.0%

top 92.37%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Oracle Mysql Mysql

Timeline

PublishedNov 30

Latest updateMay 17

Description

MySQL 5.1.x before 5.1.41 allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified (1) DATA DIRECTORY or (2) INDEX DIRECTORY arguments that are originally associated with pathnames without symlinks, and that can point to tables created at a future time at which a pathname is modified to contain a symlink to a subdirectory of the MySQL data home directory, related to incorrect calculation of the mysql_unpacked_real_data_home value. NOTE: this v…

CVSS vector

AV:L/AC:M/C:P/I:P/A:PExploitability: 3.4 | Impact: 6.4

Affected Packages2 packages

▶NVDoracle/mysql5.0.88+23

▶NVDmysql/mysql5.1.23, 5.1.32, 5.1.5+2

🔴Vulnerability Details

GHSA

GHSA-552j-94gg-c5pj: MySQL 5↗2022-05-17

▶

GHSA

GHSA-q8q6-rcmj-g45q: MySQL 5↗2022-05-02

▶

📋Vendor Advisories

Red Hat

mysql: regression of CVE-2009-4030↗2012-09-27

▶

Ubuntu

MySQL vulnerabilities↗2012-03-12

▶

Ubuntu

MySQL vulnerabilities↗2010-02-10

▶

Red Hat

mysql: Incomplete fix for CVE-2008-2079 / CVE-2008-4098↗2009-11-04

▶

💬Community

Bugzilla

CVE-2012-4452 mysql: regression of CVE-2009-4030↗2012-09-26

▶

Bugzilla

CVE-2009-4030 mysql: Incomplete fix for CVE-2008-2079 / CVE-2008-4098↗2009-12-02

▶