Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
4.6
CVSSv2

CVE-2005-0004

Published: 14/04/2005 Updated: 05/08/2022
CVSS v2 Base Score: 4.6 | Impact Score: 6.4 | Exploitability Score: 3.9
VMScore: 409
Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P
Subscribe to Mysql

Vulnerability Summary

The mysqlaccess script in MySQL 4.0.23 and previous versions, 4.1.x prior to 4.1.10, 5.0.x prior to 5.0.3, and other versions including 3.x, allows local users to overwrite arbitrary files or read temporary files via a symlink attack on temporary files.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

oracle mysql

debian debian linux 3.0

mariadb mariadb

Vendor Advisories

Ubuntu Security Notice: mysql-dfsg vulnerability
Javier Fern�ndez-Sanguino Pe�a noticed that the “mysqlaccess” program created temporary files in an insecure manner This could allow a symbolic link attack to create or overwrite arbitrary files with the privileges of the user invoking the program ...
Debian Security Advisories: DSA-647-1 mysql -- insecure temporary files
Javier Fernandez-Sanguino Peña from the Debian Security Audit Project discovered a temporary file vulnerability in the mysqlaccess script of MySQL that could allow an unprivileged user to let root overwrite arbitrary files via a symlink attack and could also could unveil the contents of a temporary file which might contain sensitive information F ...

References

CWE-59http://www.debian.org/security/2005/dsa-647http://secunia.com/advisories/13867http://www.securityfocus.com/bid/12277http://lists.mysql.com/internals/20600http://mysql.osuosl.org/doc/mysql/en/News-4.1.10.htmlhttp://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000947http://sunsolve.sun.com/search/document.do?assetkey=1-26-101864-1http://www.mandriva.com/security/advisories?name=MDKSA-2005:036http://marc.info/?l=bugtraq&m=110608297217224&w=2https://exchange.xforce.ibmcloud.com/vulnerabilities/18922https://usn.ubuntu.com/63-1/https://nvd.nist.gov
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
client sideCVE-2023-31889template injectionCVE-2024-4304CVE-2006-4304CVE-2024-33272type confusionCVE-2024-21345CVE-2024-33271
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook