ID CVE-2005-0004
Summary The mysqlaccess script in MySQL 4.0.23 and earlier, 4.1.x before 4.1.10, 5.0.x before 5.0.3, and other versions including 3.x, allows local users to overwrite arbitrary files or read temporary files via a symlink attack on temporary files.
References
Vulnerable Configurations
  • MySQL MySQL 4.0.0
    cpe:2.3:a:mysql:mysql:4.0.0
  • MySQL MySQL 4.0.1
    cpe:2.3:a:mysql:mysql:4.0.1
  • MySQL MySQL 4.0.10
    cpe:2.3:a:mysql:mysql:4.0.10
  • MySQL MySQL 4.0.11
    cpe:2.3:a:mysql:mysql:4.0.11
  • MySQL MySQL 4.0.11 gamma
    cpe:2.3:a:mysql:mysql:4.0.11:gamma
  • MySQL MySQL 4.0.12
    cpe:2.3:a:mysql:mysql:4.0.12
  • MySQL MySQL 4.0.13
    cpe:2.3:a:mysql:mysql:4.0.13
  • MySQL MySQL 4.0.14
    cpe:2.3:a:mysql:mysql:4.0.14
  • MySQL MySQL 4.0.15
    cpe:2.3:a:mysql:mysql:4.0.15
  • MySQL MySQL 4.0.18
    cpe:2.3:a:mysql:mysql:4.0.18
  • MySQL MySQL 4.0.2
    cpe:2.3:a:mysql:mysql:4.0.2
  • MySQL MySQL 4.0.20
    cpe:2.3:a:mysql:mysql:4.0.20
  • MySQL MySQL 4.0.21
    cpe:2.3:a:mysql:mysql:4.0.21
  • MySQL MySQL 4.0.3
    cpe:2.3:a:mysql:mysql:4.0.3
  • MySQL MySQL 4.0.4
    cpe:2.3:a:mysql:mysql:4.0.4
  • MySQL MySQL 4.0.5
    cpe:2.3:a:mysql:mysql:4.0.5
  • MySQL MySQL 4.0.5a
    cpe:2.3:a:mysql:mysql:4.0.5a
  • MySQL MySQL 4.0.6
    cpe:2.3:a:mysql:mysql:4.0.6
  • MySQL MySQL 4.0.7
    cpe:2.3:a:mysql:mysql:4.0.7
  • MySQL MySQL 4.0.7 gamma
    cpe:2.3:a:mysql:mysql:4.0.7:gamma
  • MySQL MySQL 4.0.8
    cpe:2.3:a:mysql:mysql:4.0.8
  • MySQL MySQL 4.0.8 gamma
    cpe:2.3:a:mysql:mysql:4.0.8:gamma
  • MySQL MySQL 4.0.9
    cpe:2.3:a:mysql:mysql:4.0.9
  • MySQL MySQL 4.0.9 gamma
    cpe:2.3:a:mysql:mysql:4.0.9:gamma
  • MySQL MySQL 4.1.0.0
    cpe:2.3:a:mysql:mysql:4.1.0.0
  • MySQL MySQL 4.1.0 alpha
    cpe:2.3:a:mysql:mysql:4.1.0:alpha
  • MySQL MySQL 4.1.2 alpha
    cpe:2.3:a:mysql:mysql:4.1.2:alpha
  • MySQL MySQL 4.1.3
    cpe:2.3:a:mysql:mysql:4.1.3
  • MySQL MySQL 4.1.3 beta
    cpe:2.3:a:mysql:mysql:4.1.3:beta
  • MySQL MySQL 4.1.4
    cpe:2.3:a:mysql:mysql:4.1.4
  • MySQL MySQL 4.1.5
    cpe:2.3:a:mysql:mysql:4.1.5
  • cpe:2.3:o:debian:debian_linux:3.0:-:alpha
    cpe:2.3:o:debian:debian_linux:3.0:-:alpha
  • cpe:2.3:o:debian:debian_linux:3.0:-:arm
    cpe:2.3:o:debian:debian_linux:3.0:-:arm
  • cpe:2.3:o:debian:debian_linux:3.0:-:hppa
    cpe:2.3:o:debian:debian_linux:3.0:-:hppa
  • cpe:2.3:o:debian:debian_linux:3.0:-:ia-32
    cpe:2.3:o:debian:debian_linux:3.0:-:ia-32
  • cpe:2.3:o:debian:debian_linux:3.0:-:ia-64
    cpe:2.3:o:debian:debian_linux:3.0:-:ia-64
  • cpe:2.3:o:debian:debian_linux:3.0:-:m68k
    cpe:2.3:o:debian:debian_linux:3.0:-:m68k
  • cpe:2.3:o:debian:debian_linux:3.0:-:mips
    cpe:2.3:o:debian:debian_linux:3.0:-:mips
  • cpe:2.3:o:debian:debian_linux:3.0:-:mipsel
    cpe:2.3:o:debian:debian_linux:3.0:-:mipsel
  • cpe:2.3:o:debian:debian_linux:3.0:-:ppc
    cpe:2.3:o:debian:debian_linux:3.0:-:ppc
  • cpe:2.3:o:debian:debian_linux:3.0:-:s-390
    cpe:2.3:o:debian:debian_linux:3.0:-:s-390
  • cpe:2.3:o:debian:debian_linux:3.0:-:sparc
    cpe:2.3:o:debian:debian_linux:3.0:-:sparc
  • Gentoo Linux
    cpe:2.3:o:gentoo:linux
  • cpe:2.3:o:redhat:fedora_core:core_1.0
    cpe:2.3:o:redhat:fedora_core:core_1.0
  • cpe:2.3:o:redhat:linux:7.3:-:i386
    cpe:2.3:o:redhat:linux:7.3:-:i386
  • cpe:2.3:o:redhat:linux:9.0:-:i386
    cpe:2.3:o:redhat:linux:9.0:-:i386
CVSS
Base: 4.6 (as of 01-01-2004 - 00:00)
Impact:
Exploitability:
Access
Vector: LOCAL
Complexity: LOW
Authentication: NONE
Impact
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL
nessus via4
  • NASL family Solaris Local Security Checks
    NASL id SOLARIS10_120292.NASL
    description SunOS 5.10 : mysql patch. Date this patch was last updated by Sun : Jun/27/08. This plugin has been deprecated and either replaced with individual 120292 patch-revision plugins, or deemed non-security related.
    last seen 2019-02-21
    modified 2018-07-30
    plugin id 19447
    published 2005-08-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=19447
    title Solaris 10 (sparc) : 120292-02 (deprecated)
  • NASL family Solaris Local Security Checks
    NASL id SOLARIS10_120292-02.NASL
    description SunOS 5.10 : mysql patch. Date this patch was last updated by Sun : Jun/27/08
    last seen 2019-01-19
    modified 2019-01-18
    plugin id 107361
    published 2018-03-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=107361
    title Solaris 10 (sparc) : 120292-02
  • NASL family Mandriva Local Security Checks
    NASL id MANDRAKE_MDKSA-2005-036.NASL
    description A temporary file vulnerability in the mysqlaccess script in MySQL was discovered by Javier Fernandez-Sanguino Pena. This flaw could allow an unprivileged user to let root overwrite arbitrary files via a symlink attack. It could also be used to view the contents of a temporary file which could contain sensitive information. The updated packages have been patched to prevent these problems.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 16379
    published 2005-02-11
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=16379
    title Mandrake Linux Security Advisory : MySQL (MDKSA-2005:036)
  • NASL family Databases
    NASL id MYSQL_CLIENT_SYMLINK_ATTACK.NASL
    description The version of MySQL installed on the remote host is older than 3.23.50, 4.0.24, 4.1.6 or 5.0.3. As such, the mysqlaccess script included with it reportedly could be used to read or overwrite arbitrary files via a symlink attack.
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 17838
    published 2012-01-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=17838
    title MySQL < 3.23.50 / 4.0.24 / 4.1.6 / 5.0.3 Insecure Temporary File Creation
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-200501-33.NASL
    description The remote host is affected by the vulnerability described in GLSA-200501-33 (MySQL: Insecure temporary file creation) Javier Fernandez-Sanguino Pena from the Debian Security Audit Project discovered that the 'mysqlaccess' script creates temporary files in world-writeable directories with predictable names. Impact : A local attacker could create symbolic links in the temporary files directory, pointing to a valid file somewhere on the filesystem. When the mysqlaccess script is executed, this would result in the file being overwritten with the rights of the user running the software, which could be the root user. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2018-12-18
    plugin id 16424
    published 2005-02-14
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=16424
    title GLSA-200501-33 : MySQL: Insecure temporary file creation
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-647.NASL
    description Javier Fernandez-Sanguino Pena from the Debian Security Audit Project discovered a temporary file vulnerability in the mysqlaccess script of MySQL that could allow an unprivileged user to let root overwrite arbitrary files via a symlink attack and could also unveil the contents of a temporary file which might contain sensitive information.
    last seen 2019-02-21
    modified 2018-08-09
    plugin id 16214
    published 2005-01-19
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=16214
    title Debian DSA-647-1 : mysql - insecure temporary files
  • NASL family Solaris Local Security Checks
    NASL id SOLARIS10_X86_120293-02.NASL
    description SunOS 5.10_x86 : mysql patch. Date this patch was last updated by Sun : Jun/27/08
    last seen 2019-01-19
    modified 2019-01-18
    plugin id 107863
    published 2018-03-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=107863
    title Solaris 10 (x86) : 120293-02
  • NASL family Solaris Local Security Checks
    NASL id SOLARIS10_X86_120293.NASL
    description SunOS 5.10_x86 : mysql patch. Date this patch was last updated by Sun : Jun/27/08. This plugin has been deprecated and either replaced with individual 120293 patch-revision plugins, or deemed non-security related.
    last seen 2019-02-21
    modified 2018-07-30
    plugin id 19452
    published 2005-08-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=19452
    title Solaris 10 (x86) : 120293-02 (deprecated)
  • NASL family FreeBSD Local Security Checks
    NASL id FREEBSD_PKG_CE109FD467F311D9A9E70001020EED82.NASL
    description The Debian Security Team reports : Javier Fernandez-Sanguino Pena from the Debian Security Audit Project discovered a temporary file vulnerability in the mysqlaccess script of MySQL that could allow an unprivileged user to let root overwrite arbitrary files via a symlink attack and could also unveil the contents of a temporary file which might contain sensitive information.
    last seen 2019-02-21
    modified 2018-11-23
    plugin id 19128
    published 2005-07-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=19128
    title FreeBSD : mysql-scripts -- mysqlaccess insecure temporary file creation (ce109fd4-67f3-11d9-a9e7-0001020eed82)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-63-1.NASL
    description Javier Fernandez-Sanguino Pena noticed that the 'mysqlaccess' program created temporary files in an insecure manner. This could allow a symbolic link attack to create or overwrite arbitrary files with the privileges of the user invoking the program. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 20682
    published 2006-01-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=20682
    title Ubuntu 4.10 : mysql-dfsg vulnerability (USN-63-1)
refmap via4
bid 12277
bugtraq 20050118 [USN-63-1] MySQL client vulnerability
conectiva CLA-2005:947
confirm
debian DSA-647
mandrake MDKSA-2005:036
secunia 13867
sunalert 101864
xf mysql-mysqlaccess-symlink(18922)
Last major update 17-10-2016 - 23:07
Published 14-04-2005 - 00:00
Last modified 10-07-2017 - 21:32