The mysqlaccess script in MySQL 4.0.23 and earlier, 4.1.x before 4.1.10, 5.0.x before 5.0.3, and other versions including 3.x, allows local users to overwrite arbitrary files or read temporary files via a symlink attack on temporary files.
References
Link | Resource |
---|---|
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000947 | Third Party Advisory |
http://lists.mysql.com/internals/20600 | Third Party Advisory |
http://marc.info/?l=bugtraq&m=110608297217224&w=2 | Third Party Advisory |
http://mysql.osuosl.org/doc/mysql/en/News-4.1.10.html | Broken Link |
http://secunia.com/advisories/13867 | Not Applicable |
http://sunsolve.sun.com/search/document.do?assetkey=1-26-101864-1 | Broken Link |
http://www.debian.org/security/2005/dsa-647 | Patch Vendor Advisory |
http://www.mandriva.com/security/advisories?name=MDKSA-2005:036 | Broken Link |
http://www.securityfocus.com/bid/12277 | Patch Third Party Advisory VDB Entry Vendor Advisory |
https://exchange.xforce.ibmcloud.com/vulnerabilities/18922 | Third Party Advisory VDB Entry |
Configurations
History
No history.
Information
Published : 2005-04-14 04:00
Updated : 2024-02-28 10:42
NVD link : CVE-2005-0004
Mitre link : CVE-2005-0004
CVE.ORG link : CVE-2005-0004
JSON object : View
Products Affected
mariadb
- mariadb
oracle
- mysql
debian
- debian_linux
CWE
CWE-59
Improper Link Resolution Before File Access ('Link Following')