FreeBSD : mysql-scripts -- mysqlaccess insecure temporary file creation (ce109fd4-67f3-11d9-a9e7-0001020eed82)

medium Nessus Plugin ID 19128

Synopsis

The remote FreeBSD host is missing one or more security-related updates.

Description

The Debian Security Team reports :

Javier Fernandez-Sanguino Pena from the Debian Security Audit Project discovered a temporary file vulnerability in the mysqlaccess script of MySQL that could allow an unprivileged user to let root overwrite arbitrary files via a symlink attack and could also could unveil the contents of a temporary file which might contain sensitive information.

Solution

Update the affected packages.

See Also

https://lists.mysql.com/internals/20600

http://www.nessus.org/u?89f65966

Plugin Details

Severity: Medium

ID: 19128

File Name: freebsd_pkg_ce109fd467f311d9a9e70001020eed82.nasl

Version: 1.18

Type: local

Published: 7/13/2005

Updated: 1/6/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.2

CVSS v2

Risk Factor: Medium

Base Score: 4.6

Vector: CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:mysql-scripts, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Patch Publication Date: 1/16/2005

Vulnerability Publication Date: 1/12/2005

Reference Information

CVE: CVE-2005-0004