Red Hat Bugzilla – Bug 860808
CVE-2012-4452 mysql: regression of CVE-2009-4030
Last modified: 2013-01-08 02:11:14 EST
It was found that the fix for CVE-2009-4030 was removed from the MySQL packages as provided with RHSA-2012:0127 when it was updated to version 5.0.95. Upstream claimed to have corrected this in version 5.0.88, so the patch was removed when it did not apply. As a result, MySQL version 5.0.95-1.el5_7.1 became vulnerable to CVE-2009-4030 again.
For most default or typical configurations, this flaw has no impact. Please see https://bugzilla.redhat.com/show_bug.cgi?id=543653#c4 for further discussion on the possible scenarios where this flaw can be triggered. If the basedir and datadir directives are unchanged in MySQL's configuration or command-line arguments, this flaw has no impact.
This issue was discovered by Karel Volný of the Red Hat Quality Engineering team.
This issue has been addressed in following products:
Red Hat Enterprise Linux 5
Via RHSA-2013:0121 https://rhn.redhat.com/errata/RHSA-2013-0121.html