CVE-2005-0004

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2005-0004
The mysqlaccess script in MySQL 4.0.23 and earlier, 4.1.x before 4.1.10, 5.0.x before 5.0.3, and other versions including 3.x, allows local users to overwrite arbitrary files or read temporary files via a symlink attack on temporary files.

4.6 /10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:L/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 3.9 / Impact : 6.4

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References
Link Resource
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000947 Third Party Advisory
http://lists.mysql.com/internals/20600 Third Party Advisory
http://marc.info/?l=bugtraq&m=110608297217224&w=2 Third Party Advisory
http://mysql.osuosl.org/doc/mysql/en/News-4.1.10.html Broken Link
http://secunia.com/advisories/13867 Not Applicable
http://sunsolve.sun.com/search/document.do?assetkey=1-26-101864-1 Broken Link
http://www.debian.org/security/2005/dsa-647 Patch Vendor Advisory
http://www.mandriva.com/security/advisories?name=MDKSA-2005:036 Broken Link
http://www.securityfocus.com/bid/12277 Patch Third Party Advisory VDB Entry Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/18922 Third Party Advisory VDB Entry
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*

Configuration 2 (hide)

cpe:2.3:o:debian:debian_linux:3.0:*:*:*:*:*:*:*

Configuration 3 (hide)

cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*
History

05 Aug 2022, 14:26

Type Values Removed Values Added
CPE cpe:2.3:a:oracle:mysql:4.0.7:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql:4.0.11:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql:4.1.4:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:3.0:*:s-390:*:*:*:*:*
cpe:2.3:a:oracle:mysql:4.0.21:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql:4.0.12:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:3.0:*:ppc:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:3.0:*:m68k:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:3.0:*:alpha:*:*:*:*:*
cpe:2.3:a:oracle:mysql:4.0.20:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql:4.0.6:*:*:*:*:*:*:*
cpe:2.3:o:gentoo:linux:*:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql:4.0.15:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:3.0:*:mipsel:*:*:*:*:*
cpe:2.3:a:oracle:mysql:4.0.9:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql:4.0.14:*:*:*:*:*:*:*
cpe:2.3:a:mysql:mysql:4.1.3:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql:4.0.13:*:*:*:*:*:*:*
cpe:2.3:o:redhat:fedora_core:core_1.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql:4.0.3:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql:4.0.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql:4.1.2:alpha:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql:4.0.1:*:*:*:*:*:*:*
cpe:2.3:o:redhat:linux:7.3:*:i386:*:*:*:*:*
cpe:2.3:a:oracle:mysql:4.0.11:gamma:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:3.0:*:hppa:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:3.0:*:sparc:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:3.0:*:arm:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:3.0:*:ia-32:*:*:*:*:*
cpe:2.3:a:oracle:mysql:4.0.8:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql:4.1.5:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql:4.1.0:alpha:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql:4.0.7:gamma:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql:4.0.8:gamma:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql:4.1.3:beta:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:3.0:*:mips:*:*:*:*:*
cpe:2.3:a:oracle:mysql:4.0.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql:4.0.18:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql:4.0.4:*:*:*:*:*:*:*
cpe:2.3:a:mysql:mysql:4.1.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql:4.0.9:gamma:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql:4.0.10:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:3.0:*:ia-64:*:*:*:*:*
cpe:2.3:o:redhat:linux:9.0:*:i386:*:*:*:*:*
cpe:2.3:a:oracle:mysql:4.0.5:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql:4.0.5a:*:*:*:*:*:*:*		 cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:3.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*
References (XF) https://exchange.xforce.ibmcloud.com/vulnerabilities/18922 - (XF) https://exchange.xforce.ibmcloud.com/vulnerabilities/18922 - Third Party Advisory, VDB Entry
References (BID) http://www.securityfocus.com/bid/12277 - Patch, Vendor Advisory (BID) http://www.securityfocus.com/bid/12277 - Patch, Third Party Advisory, VDB Entry, Vendor Advisory
References (SUNALERT) http://sunsolve.sun.com/search/document.do?assetkey=1-26-101864-1 - (SUNALERT) http://sunsolve.sun.com/search/document.do?assetkey=1-26-101864-1 - Broken Link
References (CONFIRM) http://lists.mysql.com/internals/20600 - (CONFIRM) http://lists.mysql.com/internals/20600 - Third Party Advisory
References (CONFIRM) http://mysql.osuosl.org/doc/mysql/en/News-4.1.10.html - (CONFIRM) http://mysql.osuosl.org/doc/mysql/en/News-4.1.10.html - Broken Link
References (BUGTRAQ) http://marc.info/?l=bugtraq&m=110608297217224&w=2 - (BUGTRAQ) http://marc.info/?l=bugtraq&m=110608297217224&w=2 - Third Party Advisory
References (SECUNIA) http://secunia.com/advisories/13867 - Patch, Vendor Advisory (SECUNIA) http://secunia.com/advisories/13867 - Not Applicable
References (CONECTIVA) http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000947 - (CONECTIVA) http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000947 - Third Party Advisory
References (MANDRAKE) http://www.mandriva.com/security/advisories?name=MDKSA-2005:036 - (MANDRAKE) http://www.mandriva.com/security/advisories?name=MDKSA-2005:036 - Broken Link
CWE NVD-CWE-Other CWE-59
Information

Published : 2005-04-14 04:00

Updated : 2024-02-04 16:52

NVD link : CVE-2005-0004

Mitre link : CVE-2005-0004

CVE.ORG link : CVE-2005-0004

JSON object : View

Products Affected

oracle

  • mysql

mariadb

  • mariadb

debian

  • debian_linux
CWE
CWE-59

Improper Link Resolution Before File Access ('Link Following')