Vulnerability CVE-2005-0004 - CERT Civis.Net

Vulnerability Name:

CVE-2005-0004 (CCN-18922)

Assigned:

2005-01-17

Published:

2005-01-17

Updated:

2022-08-05

Summary:

The mysqlaccess script in MySQL 4.0.23 and earlier, 4.1.x before 4.1.10, 5.0.x before 5.0.3, and other versions including 3.x, allows local users to overwrite arbitrary files or read temporary files via a symlink attack on temporary files.

CVSS v3 Severity:

4.0 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L)

Exploitability Metrics:	Attack Vector (AV): Local Attack Complexity (AC): High Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): None Integrity (I): Low Availibility (A): Low

CVSS v2 Severity:

4.6 Medium (CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P)

Exploitability Metrics:	Access Vector (AV): Local Access Complexity (AC): Low Authentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): Partial

2.6 Low (CCN CVSS v2 Vector: AV:L/AC:H/Au:N/C:N/I:P/A:P)

Exploitability Metrics:	Access Vector (AV): Local Access Complexity (AC): High Athentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): Partial Availibility (A): Partial

Vulnerability Type:

Vulnerability Consequences:

File Manipulation

References:

Source: MITRE
Type: CNA
CVE-2005-0004

Source: CONECTIVA
Type: Third Party Advisory
CLA-2005:947

Source: CONFIRM
Type: Third Party Advisory
http://lists.mysql.com/internals/20600

Source: BUGTRAQ
Type: Third Party Advisory
20050118 [USN-63-1] MySQL client vulnerability

Source: CONFIRM
Type: Broken Link
http://mysql.osuosl.org/doc/mysql/en/News-4.1.10.html

Source: CCN
Type: SA13867
MySQL mysqlaccess Script Insecure Temporary File Creation

Source: SECUNIA
Type: Not Applicable
13867

Source: SUNALERT
Type: Broken Link
101864

Source: CCN
Type: Sun Alert ID: 201658
Multiple Security Vulnerabilities in The "MySQL" Package

Source: DEBIAN
Type: Patch, Vendor Advisory
DSA-647

Source: DEBIAN
Type: DSA-647
mysql -- insecure temporary files

Source: CCN
Type: GLSA-200501-33
MySQL: Insecure temporary file creation

Source: MANDRAKE
Type: Broken Link
MDKSA-2005:036

Source: CCN
Type: MySQL Web site
MySQL:The World's Most Popular Open Source Database

Source: CCN
Type: OpenPKG-SA-2005.006
MySQL

Source: CCN
Type: OSVDB ID: 13013
MySQL mysqlaccess.sh Symlink Arbitrary File Manipulation

Source: BID
Type: Patch, Third Party Advisory, VDB Entry, Vendor Advisory
12277

Source: CCN
Type: BID-12277
MySQL Database MySQLAccess Local Insecure Temporary File Creation Vulnerability

Source: CCN
Type: USN-63-1
MySQL client vulnerability

Source: XF
Type: Third Party Advisory, VDB Entry
mysql-mysqlaccess-symlink(18922)

Source: XF
Type: UNKNOWN
mysql-mysqlaccess-symlink(18922)

Vulnerable Configuration:

Configuration 1:

cpe:/a:oracle:mysql:*:*:*:*:*:*:*:* (Version >= 5.0.0 and < 5.0.3)

OR cpe:/a:oracle:mysql:*:*:*:*:*:*:*:* (Version >= 4.0.0 and < 4.0.23)

OR cpe:/a:oracle:mysql:*:*:*:*:*:*:*:* (Version >= 4.1.0 and < 4.1.10)

Configuration 2:

cpe:/o:debian:debian_linux:3.0:*:*:*:*:*:*:*

Configuration 3:

cpe:/a:mariadb:mariadb:*:*:*:*:*:*:*:* (Version >= 5.5.0 and < 5.5.66)

Configuration CCN 1:

cpe:/a:oracle:mysql:3.23.49:*:*:*:*:*:*:*

OR cpe:/a:oracle:mysql:4.0.18:*:*:*:*:*:*:*

OR cpe:/a:oracle:mysql:4.0.20:*:*:*:*:*:*:*

OR cpe:/a:oracle:mysql:4.0.0:*:*:*:*:*:*:*

OR cpe:/a:oracle:mysql:4.0.1:*:*:*:*:*:*:*

OR cpe:/a:oracle:mysql:4.0.10:*:*:*:*:*:*:*

OR cpe:/a:oracle:mysql:4.0.11:*:*:*:*:*:*:*

OR cpe:/a:oracle:mysql:4.0.11:gamma:*:*:*:*:*:*

OR cpe:/a:oracle:mysql:4.0.12:*:*:*:*:*:*:*

OR cpe:/a:oracle:mysql:4.0.13:*:*:*:*:*:*:*

OR cpe:/a:oracle:mysql:4.0.14:*:*:*:*:*:*:*

OR cpe:/a:oracle:mysql:4.0.15:*:*:*:*:*:*:*

OR cpe:/a:oracle:mysql:4.0.2:*:*:*:*:*:*:*

OR cpe:/a:oracle:mysql:4.0.21:*:*:*:*:*:*:*

OR cpe:/a:oracle:mysql:4.0.3:*:*:*:*:*:*:*

OR cpe:/a:oracle:mysql:4.0.4:*:*:*:*:*:*:*

OR cpe:/a:oracle:mysql:4.0.5:*:*:*:*:*:*:*

OR cpe:/a:oracle:mysql:4.0.5a:*:*:*:*:*:*:*

OR cpe:/a:oracle:mysql:4.0.6:*:*:*:*:*:*:*

OR cpe:/a:oracle:mysql:4.0.7:*:*:*:*:*:*:*

OR cpe:/a:oracle:mysql:4.0.7:gamma:*:*:*:*:*:*

OR cpe:/a:oracle:mysql:4.0.8:*:*:*:*:*:*:*

OR cpe:/a:oracle:mysql:4.0.8:gamma:*:*:*:*:*:*

OR cpe:/a:oracle:mysql:4.0.9:*:*:*:*:*:*:*

OR cpe:/a:oracle:mysql:4.0.9:gamma:*:*:*:*:*:*

OR cpe:/a:oracle:mysql:4.1.0:-:*:*:*:*:*:*

OR cpe:/a:oracle:mysql:4.1.0:alpha:*:*:*:*:*:*

OR cpe:/a:oracle:mysql:4.1.2:alpha:*:*:*:*:*:*

OR cpe:/a:oracle:mysql:4.1.3:beta:*:*:*:*:*:*

OR cpe:/a:oracle:mysql:4.1.4:*:*:*:*:*:*:*

OR cpe:/a:oracle:mysql:4.1.5:*:*:*:*:*:*:*

AND

cpe:/o:debian:debian_linux:3.0:*:*:*:*:*:*:*

OR cpe:/a:openpkg:openpkg:current:*:*:*:*:*:*:*

OR cpe:/o:gentoo:linux:*:*:*:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:2.1:*:*:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux:10.0:*:*:*:*:*:*:*

OR cpe:/a:openpkg:openpkg:2.2:*:*:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux:10.1:*:*:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:3.0:*:*:*:*:*:*:*

OR cpe:/o:sun:solaris:10::sparc:*:*:*:*:*

OR cpe:/o:sun:solaris:10::x86:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux:10.1::x86-64:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:3.0::x86_64:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux:10.0::amd64:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:2.1::x86_64:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.debian:def:647	V	insecure temporary files	2005-01-19