CVE-2005-0004

medium

Description

The mysqlaccess script in MySQL 4.0.23 and earlier, 4.1.x before 4.1.10, 5.0.x before 5.0.3, and other versions including 3.x, allows local users to overwrite arbitrary files or read temporary files via a symlink attack on temporary files.

References

http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000947

http://lists.mysql.com/internals/20600

http://marc.info/?l=bugtraq&m=110608297217224&w=2

http://mysql.osuosl.org/doc/mysql/en/News-4.1.10.html

http://secunia.com/advisories/13867

http://sunsolve.sun.com/search/document.do?assetkey=1-26-101864-1

http://www.debian.org/security/2005/dsa-647

http://www.mandriva.com/security/advisories?name=MDKSA-2005:036

http://www.securityfocus.com/bid/12277

https://exchange.xforce.ibmcloud.com/vulnerabilities/18922

Details

Source: MITRE

Published: 2005-04-14

Updated: 2019-12-17

Risk Information

CVSS v2

Base Score: 4.6

Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P

Impact Score: 6.4

Exploitability Score: 3.9

Severity: MEDIUM