Launchpad.net

CVE 2005-0004

The mysqlaccess script in MySQL 4.0.23 and earlier, 4.1.x before 4.1.10, 5.0.x before 5.0.3, and other versions including 3.x, allows local users to overwrite arbitrary files or read temporary files via a symlink attack on temporary files.

Related bugs and status

CVE-2005-0004 (Candidate) is related to these bugs:

Bug #11901: nagios-mysql: no status update after mysql update

Summary				In	Importance	Status
	11901	nagios-mysql: no status update after mysql update		mysql-dfsg-4.1 (Ubuntu)	High	Fix Released
	11901	nagios-mysql: no status update after mysql update		mysql-dfsg-4.1 (Debian)	Unknown	Fix Released

Bug #12026: temporary file security hole in mysqlaccess

Summary				In	Importance	Status
	12026	temporary file security hole in mysqlaccess		mysql-dfsg (Ubuntu)	High	Fix Released
	12026	temporary file security hole in mysqlaccess		mysql-dfsg (Debian)	Unknown	Fix Released

See the

CVE page on Mitre.org for more details.

References

CONFIRM: http://lists.mysql.com...
CONFIRM: http://mysql.osuosl.or...
DEBIAN: DSA-647
SECUNIA: 13867
BID: 12277
SUNALERT: 101864
MANDRAKE: MDKSA-2005:036
CONECTIVA: CLA-2005:947
BUGTRAQ: 20050118 [USN-63-1] My...
XF: mysql-mysqlaccess-syml...