CVE-2005-0004

The mysqlaccess script in MySQL 4.0.23 and earlier, 4.1.x before 4.1.10, 5.0.x before 5.0.3, and other versions including 3.x, allows local users to overwrite arbitrary files or read temporary files via a symlink attack on temporary files.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*

Configuration 2 (hide)

cpe:2.3:o:debian:debian_linux:3.0:*:*:*:*:*:*:*

Configuration 3 (hide)

cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*

History

05 Aug 2022, 14:26

Type Values Removed Values Added
First Time Mariadb
Mariadb mariadb
CWE NVD-CWE-Other CWE-59
CPE cpe:2.3:o:debian:debian_linux:3.0:*:mipsel:*:*:*:*:*
cpe:2.3:a:oracle:mysql:4.0.8:gamma:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql:4.0.12:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql:4.1.2:alpha:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql:4.0.11:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql:4.1.3:beta:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql:4.0.7:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql:4.0.21:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql:4.0.8:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql:4.1.4:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql:4.0.3:*:*:*:*:*:*:*
cpe:2.3:o:redhat:linux:7.3:*:i386:*:*:*:*:*
cpe:2.3:a:oracle:mysql:4.0.7:gamma:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql:4.0.13:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql:4.0.4:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:3.0:*:s-390:*:*:*:*:*
cpe:2.3:a:oracle:mysql:4.0.0:*:*:*:*:*:*:*
cpe:2.3:o:gentoo:linux:*:*:*:*:*:*:*:*
cpe:2.3:o:redhat:linux:9.0:*:i386:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:3.0:*:mips:*:*:*:*:*
cpe:2.3:a:mysql:mysql:4.1.3:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:3.0:*:ppc:*:*:*:*:*
cpe:2.3:a:mysql:mysql:4.1.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql:4.0.20:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql:4.0.14:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql:4.0.5:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql:4.0.15:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql:4.0.18:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:3.0:*:ia-32:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:3.0:*:ia-64:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:3.0:*:sparc:*:*:*:*:*
cpe:2.3:a:oracle:mysql:4.0.11:gamma:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql:4.1.0:alpha:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql:4.1.5:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql:4.0.6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:fedora_core:core_1.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql:4.0.1:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:3.0:*:m68k:*:*:*:*:*
cpe:2.3:a:oracle:mysql:4.0.9:gamma:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:3.0:*:alpha:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:3.0:*:arm:*:*:*:*:*
cpe:2.3:a:oracle:mysql:4.0.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql:4.0.5a:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:3.0:*:hppa:*:*:*:*:*
cpe:2.3:a:oracle:mysql:4.0.10:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql:4.0.9:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:3.0:*:*:*:*:*:*:*
cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*
References (XF) https://exchange.xforce.ibmcloud.com/vulnerabilities/18922 - (XF) https://exchange.xforce.ibmcloud.com/vulnerabilities/18922 - Third Party Advisory, VDB Entry
References (BUGTRAQ) http://marc.info/?l=bugtraq&m=110608297217224&w=2 - (BUGTRAQ) http://marc.info/?l=bugtraq&m=110608297217224&w=2 - Third Party Advisory
References (MANDRAKE) http://www.mandriva.com/security/advisories?name=MDKSA-2005:036 - (MANDRAKE) http://www.mandriva.com/security/advisories?name=MDKSA-2005:036 - Broken Link
References (SECUNIA) http://secunia.com/advisories/13867 - Patch, Vendor Advisory (SECUNIA) http://secunia.com/advisories/13867 - Not Applicable
References (CONECTIVA) http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000947 - (CONECTIVA) http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000947 - Third Party Advisory
References (BID) http://www.securityfocus.com/bid/12277 - Patch, Vendor Advisory (BID) http://www.securityfocus.com/bid/12277 - Patch, Third Party Advisory, VDB Entry, Vendor Advisory
References (SUNALERT) http://sunsolve.sun.com/search/document.do?assetkey=1-26-101864-1 - (SUNALERT) http://sunsolve.sun.com/search/document.do?assetkey=1-26-101864-1 - Broken Link
References (CONFIRM) http://lists.mysql.com/internals/20600 - (CONFIRM) http://lists.mysql.com/internals/20600 - Third Party Advisory
References (CONFIRM) http://mysql.osuosl.org/doc/mysql/en/News-4.1.10.html - (CONFIRM) http://mysql.osuosl.org/doc/mysql/en/News-4.1.10.html - Broken Link

Information

Published : 2005-04-14 04:00

Updated : 2023-12-10 10:28


NVD link : CVE-2005-0004

Mitre link : CVE-2005-0004

CVE.ORG link : CVE-2005-0004


JSON object : View

Products Affected

debian

  • debian_linux

mariadb

  • mariadb

oracle

  • mysql
CWE
CWE-59

Improper Link Resolution Before File Access ('Link Following')