Vulnerability Name:

CVE-2012-4452 (CCN-78948)

Assigned:2012-09-27
Published:2012-09-27
Updated:2013-01-15
Summary:MySQL 5.0.88, and possibly other versions and platforms, allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified (1) DATA DIRECTORY or (2) INDEX DIRECTORY arguments that are originally associated with pathnames without symlinks, and that can point to tables created at a future time at which a pathname is modified to contain a symlink to a subdirectory of the MySQL data home directory, related to incorrect calculation of the mysql_unpacked_real_data_home value.
Note: this vulnerability exists because of a CVE-2009-4030 regression, which was not omitted in other packages and versions such as MySQL 5.0.95 in Red Hat Enterprise Linux 6.
CVSS v3 Severity:5.1 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L)
Exploitability Metrics:Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): Low
Availibility (A): Low
CVSS v2 Severity:2.1 Low (CVSS v2 Vector: AV:L/AC:L/Au:N/C:N/I:P/A:N)
2.0 Low (Temporal CVSS v2 Vector: AV:L/AC:L/Au:N/C:N/I:P/A:N/E:H/RL:U/RC:UR)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): Partial
Availibility (A): None
3.3 Low (CCN CVSS v2 Vector: AV:L/AC:M/Au:N/C:N/I:P/A:P)
3.2 Low (CCN Temporal CVSS v2 Vector: AV:L/AC:M/Au:N/C:N/I:P/A:P/E:H/RL:U/RC:UR)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Medium
Athentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): Partial
Availibility (A): Partial
2.4 Low (REDHAT CVSS v2 Vector: AV:L/AC:H/Au:S/C:N/I:P/A:P)
2.3 Low (REDHAT Temporal CVSS v2 Vector: AV:L/AC:H/Au:S/C:N/I:P/A:P/E:H/RL:U/RC:UR)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): High
Authentication (Au): Single_Instance
Impact Metrics:Confidentiality (C): None
Integrity (I): Partial
Availibility (A): Partial
Vulnerability Type:CWE-264
Vulnerability Consequences:File Manipulation
References:Source: MITRE
Type: CNA
CVE-2012-4452

Source: CCN
Type: MySQL Web site
MySQL

Source: CCN
Type: RHSA-2013-0121
Low: mysql security and bug fix update

Source: REDHAT
Type: UNKNOWN
RHSA-2013:0121

Source: MLIST
Type: UNKNOWN
[oss-security] 20120927 CVE-2009-4030 regression in mysql

Source: BID
Type: UNKNOWN
55715

Source: CCN
Type: BID-55715
MySQL MyISAM Table Symbolic Link CVE-2012-4452 Local Privilege Escalation Vulnerability

Source: CCN
Type: Red Hat Bugzilla Bug 860808
CVE-2012-4452 mysql: regression of CVE-2009-4030

Source: CONFIRM
Type: UNKNOWN
https://bugzilla.redhat.com/show_bug.cgi?id=860808

Source: XF
Type: UNKNOWN
mysql-myisam-table-symlink(78948)

Vulnerable Configuration:Configuration 1:
  • cpe:/a:oracle:mysql:*:*:*:*:*:*:*:* (Version <= 5.0.88)

    • Configuration RedHat 1:
  • cpe:/o:redhat:enterprise_linux:5:*:*:*:*:*:*:*

    • Configuration RedHat 2:
  • cpe:/o:redhat:enterprise_linux:5::client:*:*:*:*:*

    • Configuration RedHat 3:
  • cpe:/o:redhat:enterprise_linux:5::client_workstation:*:*:*:*:*

    • Configuration RedHat 4:
  • cpe:/o:redhat:enterprise_linux:5::server:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/a:oracle:mysql:5.1.1:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:5.1.10:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:5.1.11:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:5.1.12:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:5.1.13:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:5.1.14:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:5.1.15:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:5.1.16:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:5.1.17:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:5.1.2:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:5.1.23:-:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:5.1.3:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:5.1:*:*:*:*:*:*:*
  • AND
  • cpe:/o:redhat:enterprise_linux:5:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:5:*:client_workstation:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:5:*:client:*:*:*:*:*

    • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.mitre.oval:def:23174
    P
    		ELSA-2013:0121: mysql security and bug fix update (Low)
    2014-05-26
    oval:org.mitre.oval:def:20470
    P
    		RHSA-2013:0121: mysql security and bug fix update (Low)
    2014-02-17
    oval:com.redhat.rhsa:def:20130121
    P
    		RHSA-2013:0121: mysql security and bug fix update (Low)
    2013-01-08
    BACK
    oracle mysql *
    mysql mysql 5.1.1
    mysql mysql 5.1.10
    mysql mysql 5.1.11
    mysql mysql 5.1.12
    mysql mysql 5.1.13
    mysql mysql 5.1.14
    mysql mysql 5.1.15
    mysql mysql 5.1.16
    mysql mysql 5.1.17
    mysql mysql 5.1.2
    mysql mysql 5.1.23
    mysql mysql 5.1.3
    mysql mysql 5.1
    redhat enterprise linux 5
    redhat enterprise linux 5
    redhat enterprise linux 5