Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2005-0004

Overview

Vulnerability Score 4.6 4.6
CVE Id CVE-2005-0004
Last Modified 10 Sep 2008 03:34:44
Published 14 Apr 2005 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2005-0004

Summary

The mysqlaccess script in MySQL 4.0.23 and earlier, 4.1.x before 4.1.10, 5.0.x before 5.0.3, and other versions including 3.x, allows local users to overwrite arbitrary files or read temporary files via a symlink attack on temporary files.

Vulnerable Systems

Operating System

  • Debian Linux 3.0

  • Gentoo Linux

  • Redhat Fedora Core Core 1.0

  • Redhat Linux 7.3

  • Redhat Linux 9.0

Application

  • Mysql 4.0.0

  • Mysql 4.0.1

  • Mysql 4.0.10

  • Mysql 4.0.11

  • Mysql 4.0.12

  • Mysql 4.0.13

  • Mysql 4.0.14

  • Mysql 4.0.15

  • Mysql 4.0.18

  • Mysql 4.0.2

  • Mysql 4.0.20

  • Mysql 4.0.21

  • Mysql 4.0.3

  • Mysql 4.0.4

  • Mysql 4.0.5

  • Mysql 4.0.5a

  • Mysql 4.0.6

  • Mysql 4.0.7

  • Mysql 4.0.8

  • Mysql 4.0.9

  • Mysql 4.1.0

  • Mysql 4.1.0.0

  • Mysql 4.1.2

  • Mysql 4.1.3

  • Mysql 4.1.4

  • Mysql 4.1.5


References

BID - 12277

DEBIAN - DSA-647

SECUNIA - 13867

XF - mysql-mysqlaccess-symlink(18922)

CONFIRM - http://mysql.osuosl.org/doc/mysql/en/News-4.1.10.html

BUGTRAQ - 20050118 [USN-63-1] MySQL client vulnerability

CONFIRM - http://lists.mysql.com/internals/20600

CONECTIVA - CLA-2005:947

MANDRAKE - MDKSA-2005:036

SUNALERT - 101864


Last Updated: 27 May 2016 10:39:38