CVE-2005-0004 — Link Following in Oracle Mysql

CWE-59 — Link Following CWE-266 — Incorrect Privilege Assignment5 documents5 sources

Severity

4.6MEDIUMNVD

EPSS

0.0%

top 86.37%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mariadb Oracle Mysql Debian Linux

Timeline

PublishedApr 14

Latest updateMay 1

Description

The mysqlaccess script in MySQL 4.0.23 and earlier, 4.1.x before 4.1.10, 5.0.x before 5.0.3, and other versions including 3.x, allows local users to overwrite arbitrary files or read temporary files via a symlink attack on temporary files.

CVSS vector

AV:L/AC:L/C:P/I:P/A:PExploitability: 3.9 | Impact: 6.4

Affected Packages2 packages

▶NVDoracle/mysql4.0.0 — 4.0.23+2

▶NVDmariadb/mariadb5.5.0 — 5.5.66

Also affects: Debian Linux 3.0

Patches

Patch: www.debian.org ↗Patch: www.securityfocus.com ↗Patch: www.debian.org ↗

🔴Vulnerability Details

GHSA

GHSA-7f63-6j3v-p9vw: The mysqlaccess script in MySQL 4↗2022-05-01

▶

📋Vendor Advisories

Red Hat

mysql: mysqlaccess creates/overwrite files on the system↗2005-01-19

▶

Ubuntu

MySQL client vulnerability↗2005-01-19

▶

💬Community

Bugzilla

CVE-2005-0004 mysql: CVE-2005-0004 mysqlaccess creates/overwrite files on the system↗2016-10-18

▶