The mysqlaccess script in MySQL 4.0.23 and earlier, 4.1.x before 4.1.10, 5.0.x before 5.0.3, and other versions including 3.x, allows local users to overwrite arbitrary files or read temporary files via a symlink attack on temporary files.
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000947
http://lists.mysql.com/internals/20600
http://marc.info/?l=bugtraq&m=110608297217224&w=2
http://mysql.osuosl.org/doc/mysql/en/News-4.1.10.html
http://secunia.com/advisories/13867
http://sunsolve.sun.com/search/document.do?assetkey=1-26-101864-1
http://www.debian.org/security/2005/dsa-647
http://www.mandriva.com/security/advisories?name=MDKSA-2005:036
Source: MITRE
Published: 2005-04-14
Updated: 2019-12-17
Type: NVD-CWE-Other
Base Score: 4.6
Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P
Impact Score: 6.4
Exploitability Score: 3.9
Severity: MEDIUM