CVE-2005-0004

Sažetak

The mysqlaccess script in MySQL 4.0.23 and earlier, 4.1.x before 4.1.10, 5.0.x before 5.0.3, and other versions including 3.x, allows local users to overwrite arbitrary files or read temporary files via a symlink attack on temporary files.

Reference

http://www.debian.org/security/2005/dsa-647
http://secunia.com/advisories/13867
http://www.securityfocus.com/bid/12277
http://lists.mysql.com/internals/20600
http://mysql.osuosl.org/doc/mysql/en/News-4.1.10.html
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000947
http://sunsolve.sun.com/search/document.do?assetkey=1-26-101864-1
http://www.mandriva.com/security/advisories?name=MDKSA-2005:036
http://marc.info/?l=bugtraq&m=110608297217224&w=2
https://exchange.xforce.ibmcloud.com/vulnerabilities/18922

CVSS

Base:	4.6
Impact:	6.4
Exploitability:	3.9

Pristup

Vektor	Složenost	Autentikacija
LOCAL	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	PARTIAL

CVSS vektor

AV:L/AC:L/Au:N/C:P/I:P/A:P

Zadnje važnije ažuriranje

05-08-2022 - 14:26

Objavljeno

14-04-2005 - 04:00