Detections
Analytics

MiracleLinux 3 : mysql-5.0.95-3.0.1.AXS3 (AXSA:2013-78:01)

high Nessus Plugin ID 289412

Synopsis

The remote MiracleLinux host is missing a security update.

Description

The remote MiracleLinux 3 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2013-78:01 advisory.

 MySQL is a multi-user, multi-threaded SQL database server. MySQL is a client/server implementation consisting of a server daemon (mysqld) and many different client programs and libraries. The base package contains the MySQL client programs, the client shared libraries, and generic MySQL files.
 Security issues fixed with this release:
 CVE-2012-4452 MySQL 5.0.88, and possibly other versions and platforms, allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified (1) DATA DIRECTORY or (2) INDEX DIRECTORY arguments that are originally associated with pathnames without symlinks, and that can point to tables created at a future time at which a pathname is modified to contain a symlink to a subdirectory of the MySQL data home directory, related to incorrect calculation of the mysql_unpacked_real_data_home value.
 NOTE: this vulnerability exists because of a CVE-2009-4030 regression, which was not omitted in other packages and versions such as MySQL 5.0.95.
 Fixed bugs:
 Previously, because the log file path in the logrotate script behaved unexpectedly, the logrotate function failed to rotate the /var/log/mysqld.log file. This has been fixed.
 Previously, mysqld sometimes failed when using the EXPLAIN flag in prepared statement mode. This has been fixed.
 Previously, the mysqld init script sometimes reported that mysql server startup had failed when it was actually started. This has been fixed.
 Previously, the --enable-profiling option was disabled by default; it is now enabled.

Tenable has extracted the preceding description block directly from the MiracleLinux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Update the affected packages.

See Also

https://tsn.miraclelinux.com/en/node/3706

Plugin Details

Severity: High

ID: 289412

File Name: miracle_linux_AXSA-2013-78.nasl

Version: 1.1

Type: local

Published: 1/16/2026

Updated: 1/16/2026

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.2

Vendor

Vendor Severity: High

CVSS v2

Risk Factor: Low

Base Score: 2.1

Temporal Score: 1.6

Vector: CVSS2#AV:L/AC:L/Au:N/C:N/I:P/A:N

CVSS Score Source: CVE-2012-4452

CVSS v3

Risk Factor: High

Base Score: 7.1

Temporal Score: 6.2

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:miracle:linux:mysql, p-cpe:/a:miracle:linux:mysql-server, p-cpe:/a:miracle:linux:mysql-bench, cpe:/o:miracle:linux:3, p-cpe:/a:miracle:linux:mysql-devel

Required KB Items: Host/local_checks_enabled, Host/MiracleLinux/release, Host/MiracleLinux/rpm-list, Host/cpu

Exploit Ease: No known exploits are available

Patch Publication Date: 2/17/2013

Vulnerability Publication Date: 9/27/2012

Reference Information

CVE: CVE-2012-4452