The mysqlaccess script in MySQL 4.0.23 and earlier, 4.1.x before 4.1.10, 5.0.x before 5.0.3, and other versions including 3.x, allows local users to overwrite arbitrary files or read temporary files via a symlink attack on temporary files.
The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.
| Link | Tags |
|---|---|
| http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000947 | third party advisory vendor advisory |
| http://www.debian.org/security/2005/dsa-647 | patch vendor advisory |
| http://www.mandriva.com/security/advisories?name=MDKSA-2005:036 | vendor advisory broken link |
| http://sunsolve.sun.com/search/document.do?assetkey=1-26-101864-1 | vendor advisory broken link |
| http://marc.info/?l=bugtraq&m=110608297217224&w=2 | third party advisory mailing list |
| http://secunia.com/advisories/13867 | third party advisory not applicable |
| http://www.securityfocus.com/bid/12277 | patch vendor advisory vdb entry third party advisory |
| http://mysql.osuosl.org/doc/mysql/en/News-4.1.10.html | broken link |
| http://lists.mysql.com/internals/20600 | third party advisory |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/18922 | vdb entry third party advisory |