PT-2012-5408 · Oracle+1 · Mysql Server+1

Karel Volný +1 · Published 2012-10-09 · Updated 2023-02-13 · CVE-2012-4452

CVSS v2.0: 2.1 (Low)

Vector: AV:L/AC:L/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions: MySQL version 5.0.88 and possibly other versions

Description: The issue allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified DATA DIRECTORY or INDEX DIRECTORY arguments. These arguments can point to tables created at a future time, by which point a pathname may have been modified to contain a symlink to a subdirectory of the MySQL data home directory. This is related to incorrect calculation of the mysql_unpacked_real_data_home value.

Recommendations: For MySQL version 5.0.88, consider restricting the use of the CREATE TABLE statement with modified DATA DIRECTORY or INDEX DIRECTORY arguments until a patch is available. For other possibly affected versions, there is currently no information about a newer version that contains a fix for this issue.

Related Identifiers

CVE-2012-4452
RHSA-2013:0121
RHSA-2013_0121

Affected Products

Mysql Server
Red Hat