OpenBSD VuXML: Documenting security issues in the OpenBSD Ports & Packages Collection

mysql-server -- mysqlaccess insecure temporary file creation

Affected packages
mysql-server < 4.0.23p1

Details

VuXML ID 5efb4690-6abb-11d9-99e9-00065bd5b0b6
Discovery 2005-01-12
Entry 2005-01-19

The Debian Security Team reports:

Javier Fernandez-Sanguino Pena from the Debian Security Audit Project discovered a temporary file vulnerability in the mysqlaccess script of MySQL that could allow an unprivileged user to let root overwrite arbitrary files via a symlink attack and could also could unveil the contents of a temporary file which might contain sensitive information.

References

CVE Name CAN-2005-0004
URL http://lists.mysql.com/internals/20600

Copyright © 2003-2005 Jacques Vidrine, Robert Nagy, and contributors.
Please see the source of this document for full copyright information.