FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

mysql-scripts -- mysqlaccess insecure temporary file creation

Affected packages
mysql-scripts < 3.23.58_2
4.* < mysql-scripts < 4.0.23a_1
4.1.* < mysql-scripts < 4.1.9_1
5.* < mysql-scripts < 5.0.2_1

Details

VuXML ID ce109fd4-67f3-11d9-a9e7-0001020eed82
Discovery 2005-01-12
Entry 2005-01-16
Modified 2005-01-17

The Debian Security Team reports:

Javier Fernández-Sanguino Peña from the Debian Security Audit Project discovered a temporary file vulnerability in the mysqlaccess script of MySQL that could allow an unprivileged user to let root overwrite arbitrary files via a symlink attack and could also could unveil the contents of a temporary file which might contain sensitive information.

References

CVE Name CVE-2005-0004
URL http://lists.mysql.com/internals/20600