Vulnerability Details: CVE-2005-0004
The mysqlaccess script in MySQL 4.0.23 and earlier, 4.1.x before 4.1.10, 5.0.x before 5.0.3, and other versions including 3.x, allows local users to overwrite arbitrary files or read temporary files via a symlink attack on temporary files.
Threat overview for CVE-2005-0004
Top open port discovered on systems with this issue: 3306
IPs affected by CVE-2005-0004: 911
Threat actors abusing this issue? Yes
Exploit prediction scoring system (EPSS) score for CVE-2005-0004
Probability of exploitation activity in the next 30 days: 0.06%
Percentile, the proportion of vulnerabilities that are scored at or less: ~25%
CVSS scores for CVE-2005-0004
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
4.6 | MEDIUM | AV:L/AC:L/Au:N/C:P/I:P/A:P | 3.9 | 6.4 | NIST |
CWE ids for CVE-2005-0004
- The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource. Assigned by: nvd@nist.gov (Primary)
References for CVE-2005-0004
- https://exchange.xforce.ibmcloud.com/vulnerabilities/18922 (Third Party Advisory; VDB Entry)
- http://www.debian.org/security/2005/dsa-647 (Patch; Vendor Advisory)
- http://lists.mysql.com/internals/20600 (Third Party Advisory)
- http://mysql.osuosl.org/doc/mysql/en/News-4.1.10.html (Broken Link)
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-101864-1 (Broken Link)
- http://www.mandriva.com/security/advisories?name=MDKSA-2005:036 (Broken Link)
- http://www.securityfocus.com/bid/12277 (Patch; Third Party Advisory; VDB Entry; Vendor Advisory)
- http://marc.info/?l=bugtraq&m=110608297217224&w=2 (Third Party Advisory)
- http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000947 (Third Party Advisory)
Products affected by CVE-2005-0004
- cpe:2.3:o:debian:debian_linux:3.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*
- cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*