CVE-2005-0004
4.6 Medium
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:L/Au:N/C:P/I:P/A:P
5.8 Medium
AI Score
Confidence
Low
0.001 Low
EPSS
Percentile
26.5%
The mysqlaccess script in MySQL 4.0.23 and earlier, 4.1.x before 4.1.10, 5.0.x before 5.0.3, and other versions including 3.x, allows local users to overwrite arbitrary files or read temporary files via a symlink attack on temporary files.
Affected configurations
| CPE | Name | Operator | Version |
|---|---|---|---|
| oracle:mysql | oracle mysql | lt | 4.0.23 |
| oracle:mysql | oracle mysql | lt | 4.1.10 |
| oracle:mysql | oracle mysql | lt | 5.0.3 |
References
distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000947
lists.mysql.com/internals/20600
marc.info/?l=bugtraq&m=110608297217224&w=2
mysql.osuosl.org/doc/mysql/en/News-4.1.10.html
secunia.com/advisories/13867
sunsolve.sun.com/search/document.do?assetkey=1-26-101864-1
www.debian.org/security/2005/dsa-647
www.mandriva.com/security/advisories?name=MDKSA-2005:036
www.securityfocus.com/bid/12277
exchange.xforce.ibmcloud.com/vulnerabilities/18922
Related
4.6 Medium
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:L/Au:N/C:P/I:P/A:P
5.8 Medium
AI Score
Confidence
Low
0.001 Low
EPSS
Percentile
26.5%