CVE-2012-4452Oracle Mysql vulnerability

4 documents4 sources
Severity
2.1LOWNVD
EPSS
0.1%
top 75.28%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Oracle Mysql
Timeline
PublishedOct 9
Latest updateMay 17

Description

MySQL 5.0.88, and possibly other versions and platforms, allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified (1) DATA DIRECTORY or (2) INDEX DIRECTORY arguments that are originally associated with pathnames without symlinks, and that can point to tables created at a future time at which a pathname is modified to contain a symlink to a subdirectory of the MySQL data home directory, related to incorrect calculation of the mysql_unpacked_rea

CVSS vector

AV:L/AC:L/C:N/I:P/A:NExploitability: 3.9 | Impact: 2.9

Affected Packages1 packages

NVDoracle/mysql5.0.88

🔴Vulnerability Details

1
GHSA
GHSA-552j-94gg-c5pj: MySQL 52022-05-17

📋Vendor Advisories

1
Red Hat
mysql: regression of CVE-2009-40302012-09-27

💬Community

1
Bugzilla
CVE-2012-4452 mysql: regression of CVE-2009-40302012-09-26