CVE-2005-0004

The mysqlaccess script in MySQL 4.0.23 and earlier, 4.1.x before 4.1.10, 5.0.x before 5.0.3, and other versions including 3.x, allows local users to overwrite arbitrary files or read temporary files via a symlink attack on temporary files.

CVSS v2.0 4.6 MEDIUM

4.6^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:L/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 3.9 / Impact : 6.4

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000947	Third Party Advisory
http://lists.mysql.com/internals/20600	Third Party Advisory
http://marc.info/?l=bugtraq&m=110608297217224&w=2	Third Party Advisory
http://mysql.osuosl.org/doc/mysql/en/News-4.1.10.html	Broken Link
http://secunia.com/advisories/13867	Not Applicable
http://sunsolve.sun.com/search/document.do?assetkey=1-26-101864-1	Broken Link
http://www.debian.org/security/2005/dsa-647	Patch Vendor Advisory
http://www.mandriva.com/security/advisories?name=MDKSA-2005:036	Broken Link
http://www.securityfocus.com/bid/12277	Patch Third Party Advisory VDB Entry Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/18922	Third Party Advisory VDB Entry
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000947	Third Party Advisory
http://lists.mysql.com/internals/20600	Third Party Advisory
http://marc.info/?l=bugtraq&m=110608297217224&w=2	Third Party Advisory
http://mysql.osuosl.org/doc/mysql/en/News-4.1.10.html	Broken Link
http://secunia.com/advisories/13867	Not Applicable
http://sunsolve.sun.com/search/document.do?assetkey=1-26-101864-1	Broken Link
http://www.debian.org/security/2005/dsa-647	Patch Vendor Advisory
http://www.mandriva.com/security/advisories?name=MDKSA-2005:036	Broken Link
http://www.securityfocus.com/bid/12277	Patch Third Party Advisory VDB Entry Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/18922	Third Party Advisory VDB Entry

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:oracle:mysql::::::::
	cpe:2.3:a:oracle:mysql::::::::
	cpe:2.3:a:oracle:mysql::::::::

Configuration 2 (hide)

cpe:2.3:o:debian:debian_linux:3.0:*:*:*:*:*:*:*

Configuration 3 (hide)

cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*

History

20 Nov 2024, 23:54

Type	Values Removed	Values Added
References	~~() http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000947 - Third Party Advisory~~	() http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000947 - Third Party Advisory
References	~~() http://lists.mysql.com/internals/20600 - Third Party Advisory~~	() http://lists.mysql.com/internals/20600 - Third Party Advisory
References	~~() http://marc.info/?l=bugtraq&m=110608297217224&w=2 - Third Party Advisory~~	() http://marc.info/?l=bugtraq&m=110608297217224&w=2 - Third Party Advisory
References	~~() http://mysql.osuosl.org/doc/mysql/en/News-4.1.10.html - Broken Link~~	() http://mysql.osuosl.org/doc/mysql/en/News-4.1.10.html - Broken Link
References	~~() http://secunia.com/advisories/13867 - Not Applicable~~	() http://secunia.com/advisories/13867 - Not Applicable
References	~~() http://sunsolve.sun.com/search/document.do?assetkey=1-26-101864-1 - Broken Link~~	() http://sunsolve.sun.com/search/document.do?assetkey=1-26-101864-1 - Broken Link
References	~~() http://www.debian.org/security/2005/dsa-647 - Patch, Vendor Advisory~~	() http://www.debian.org/security/2005/dsa-647 - Patch, Vendor Advisory
References	~~() http://www.mandriva.com/security/advisories?name=MDKSA-2005:036 - Broken Link~~	() http://www.mandriva.com/security/advisories?name=MDKSA-2005:036 - Broken Link
References	~~() http://www.securityfocus.com/bid/12277 - Patch, Third Party Advisory, VDB Entry, Vendor Advisory~~	() http://www.securityfocus.com/bid/12277 - Patch, Third Party Advisory, VDB Entry, Vendor Advisory
References	~~() https://exchange.xforce.ibmcloud.com/vulnerabilities/18922 - Third Party Advisory, VDB Entry~~	() https://exchange.xforce.ibmcloud.com/vulnerabilities/18922 - Third Party Advisory, VDB Entry

05 Aug 2022, 14:26

Type	Values Removed	Values Added
CPE	cpe:2.3:a:oracle:mysql:4.0.7:::::::* cpe:2.3:a:oracle:mysql:4.0.11:::::::* cpe:2.3:a:oracle:mysql:4.1.4:::::::* cpe:2.3:o:debian:debian_linux:3.0::s-390::::: cpe:2.3:a:oracle:mysql:4.0.21:::::::* cpe:2.3:a:oracle:mysql:4.0.12:::::::* cpe:2.3:o:debian:debian_linux:3.0::ppc::::: cpe:2.3:o:debian:debian_linux:3.0::m68k::::: cpe:2.3:o:debian:debian_linux:3.0::alpha::::: cpe:2.3:a:oracle:mysql:4.0.20:::::::* cpe:2.3:a:oracle:mysql:4.0.6:::::::* cpe:2.3:o:gentoo:linux:::::::: cpe:2.3:a:oracle:mysql:4.0.15:::::::* cpe:2.3:o:debian:debian_linux:3.0::mipsel::::: cpe:2.3:a:oracle:mysql:4.0.9:::::::* cpe:2.3:a:oracle:mysql:4.0.14:::::::* cpe:2.3:a:mysql:mysql:4.1.3:::::::* cpe:2.3:a:oracle:mysql:4.0.13:::::::* cpe:2.3:o:redhat:fedora_core:core_1.0:::::::* cpe:2.3:a:oracle:mysql:4.0.3:::::::* cpe:2.3:a:oracle:mysql:4.0.2:::::::* cpe:2.3:a:oracle:mysql:4.1.2:alpha:::::: cpe:2.3:a:oracle:mysql:4.0.1:::::::* cpe:2.3:o:redhat:linux:7.3::i386::::: cpe:2.3:a:oracle:mysql:4.0.11:gamma:::::: cpe:2.3:o:debian:debian_linux:3.0::hppa::::: cpe:2.3:o:debian:debian_linux:3.0::sparc::::: cpe:2.3:o:debian:debian_linux:3.0::arm::::: cpe:2.3:o:debian:debian_linux:3.0::ia-32::::: cpe:2.3:a:oracle:mysql:4.0.8:::::::* cpe:2.3:a:oracle:mysql:4.1.5:::::::* cpe:2.3:a:oracle:mysql:4.1.0:alpha:::::: cpe:2.3:a:oracle:mysql:4.0.7:gamma:::::: cpe:2.3:a:oracle:mysql:4.0.8:gamma:::::: cpe:2.3:a:oracle:mysql:4.1.3:beta:::::: cpe:2.3:o:debian:debian_linux:3.0::mips::::: cpe:2.3:a:oracle:mysql:4.0.0:::::::* cpe:2.3:a:oracle:mysql:4.0.18:::::::* cpe:2.3:a:oracle:mysql:4.0.4:::::::* cpe:2.3:a:mysql:mysql:4.1.0:::::::* cpe:2.3:a:oracle:mysql:4.0.9:gamma:::::: cpe:2.3:a:oracle:mysql:4.0.10:::::::* cpe:2.3:o:debian:debian_linux:3.0::ia-64::::: cpe:2.3:o:redhat:linux:9.0::i386::::: cpe:2.3:a:oracle:mysql:4.0.5:::::::* cpe:2.3:a:oracle:mysql:4.0.5a:::::::*	cpe:2.3:a:mariadb:mariadb:::::::: cpe:2.3:o:debian:debian_linux:3.0:::::::* cpe:2.3:a:oracle:mysql::::::::
References	~~(XF) https://exchange.xforce.ibmcloud.com/vulnerabilities/18922 -~~	(XF) https://exchange.xforce.ibmcloud.com/vulnerabilities/18922 - Third Party Advisory, VDB Entry
References	~~(BID) http://www.securityfocus.com/bid/12277 - Patch, Vendor Advisory~~	(BID) http://www.securityfocus.com/bid/12277 - Patch, Third Party Advisory, VDB Entry, Vendor Advisory
References	~~(SUNALERT) http://sunsolve.sun.com/search/document.do?assetkey=1-26-101864-1 -~~	(SUNALERT) http://sunsolve.sun.com/search/document.do?assetkey=1-26-101864-1 - Broken Link
References	~~(CONFIRM) http://lists.mysql.com/internals/20600 -~~	(CONFIRM) http://lists.mysql.com/internals/20600 - Third Party Advisory
References	~~(CONFIRM) http://mysql.osuosl.org/doc/mysql/en/News-4.1.10.html -~~	(CONFIRM) http://mysql.osuosl.org/doc/mysql/en/News-4.1.10.html - Broken Link
References	~~(BUGTRAQ) http://marc.info/?l=bugtraq&m=110608297217224&w=2 -~~	(BUGTRAQ) http://marc.info/?l=bugtraq&m=110608297217224&w=2 - Third Party Advisory
References	~~(SECUNIA) http://secunia.com/advisories/13867 - Patch, Vendor Advisory~~	(SECUNIA) http://secunia.com/advisories/13867 - Not Applicable
References	~~(CONECTIVA) http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000947 -~~	(CONECTIVA) http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000947 - Third Party Advisory
References	~~(MANDRAKE) http://www.mandriva.com/security/advisories?name=MDKSA-2005:036 -~~	(MANDRAKE) http://www.mandriva.com/security/advisories?name=MDKSA-2005:036 - Broken Link
CWE	~~NVD-CWE-Other~~	CWE-59

Information

Published : 2005-04-14 04:00

Updated : 2024-11-20 23:54

NVD link : CVE-2005-0004

Mitre link : CVE-2005-0004

CVE.ORG link : CVE-2005-0004

JSON object : View

Products Affected

mariadb

mariadb

oracle

mysql

debian

debian_linux

CWE

CWE-59

Improper Link Resolution Before File Access ('Link Following')

4.6 /10