CVE Vulnerabilities

CVE-2004-0457

Published: Sep 28, 2004 | Modified: Dec 17, 2019
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
4.6 MEDIUM
AV:L/AC:L/Au:N/C:P/I:P/A:P
RedHat/V2
RedHat/V3
Ubuntu
UNTRIAGED

The mysqlhotcopy script in mysql 4.0.20 and earlier, when using the scp method from the mysql-server package, allows local users to overwrite arbitrary files via a symlink attack on temporary files.

Affected Software

Name Vendor Start Version End Version
Mysql Oracle * 4.0.20 (including)
Mysql-dfsg Ubuntu dapper *
Mysql-dfsg Ubuntu edgy *
Mysql-dfsg-4.1 Ubuntu dapper *
Mysql-dfsg-4.1 Ubuntu edgy *
Mysql-dfsg-5.0 Ubuntu dapper *
Mysql-dfsg-5.0 Ubuntu devel *
Mysql-dfsg-5.0 Ubuntu edgy *
Mysql-dfsg-5.0 Ubuntu feisty *
Red Hat Enterprise Linux 3 RedHat mysql-0:3.23.58-2.3 *
Red Hat Enterprise Linux AS (Advanced Server) version 2.1 RedHat *
Red Hat Enterprise Linux ES version 2.1 RedHat *
Red Hat Enterprise Linux WS version 2.1 RedHat *
Red Hat Linux Advanced Workstation 2.1 RedHat *

References