Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 4.6
CVE Id: CVE-2005-1636
Last Modified: 07 Mar 2011 09:22:19
Published: 17 May 2005 12:00:00
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE

CVE-2005-1636

Summary

mysql_install_db in MySQL 4.1.x before 4.1.12 and 5.x up to 5.0.4 creates the mysql_install_db.X file with a predictable filename and insecure permissions, which allows local users to execute arbitrary SQL commands by modifying the file's contents.

Vulnerable Systems

Application

  • Mysql 4.0.0

  • Mysql 4.0.1

  • Mysql 4.0.10

  • Mysql 4.0.11

  • Mysql 4.0.2

  • Mysql 4.0.3

  • Mysql 4.0.4

  • Mysql 4.0.5

  • Mysql 4.0.5a

  • Mysql 4.0.6

  • Mysql 4.0.7

  • Mysql 4.0.8

  • Mysql 4.0.9

  • Mysql 5.0.0

  • Mysql 5.0.0.0

  • Mysql 5.0.1

  • Mysql 5.0.2

  • Mysql 5.0.3

  • Mysql 5.0.4


References

CONFIRM - https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=158688

MISC - http://www.zataz.net/adviso/mysql-05172005.txt

BID - 13660

REDHAT - RHSA-2005:685

SECUNIA - 17080

SECUNIA - 15369

FULLDISC - 20050517 MySQL < 4.0.12 && MySQL <= 5.0.4 : Insecure tmp

MANDRIVA - MDKSA-2006:045


Last Updated: 27 May 2016 10:40:14