CVE Vulnerabilities

CVE-2005-1636

Published: May 17, 2005 | Modified: Dec 17, 2019
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
4.6 MEDIUM
AV:L/AC:L/Au:N/C:P/I:P/A:P
RedHat/V2
RedHat/V3
Ubuntu

mysql_install_db in MySQL 4.1.x before 4.1.12 and 5.x up to 5.0.4 creates the mysql_install_db.X file with a predictable filename and insecure permissions, which allows local users to execute arbitrary SQL commands by modifying the files contents.

Affected Software

Name Vendor Start Version End Version
Mysql Mysql 5.0.3 5.0.3
Mysql Mysql 5.0.2 5.0.2
Mysql Mysql 5.0.1 5.0.1
Mysql Mysql 5.0.4 5.0.4
Mysql Oracle 4.0.0 4.0.0
Mysql Oracle 4.0.1 4.0.1
Mysql Oracle 4.0.2 4.0.2
Mysql Oracle 4.0.3 4.0.3
Mysql Oracle 4.0.4 4.0.4
Mysql Oracle 4.0.5 4.0.5
Mysql Oracle 4.0.5a 4.0.5a
Mysql Oracle 4.0.6 4.0.6
Mysql Oracle 4.0.7 4.0.7
Mysql Oracle 4.0.7 4.0.7
Mysql Oracle 4.0.8 4.0.8
Mysql Oracle 4.0.8 4.0.8
Mysql Oracle 4.0.9 4.0.9
Mysql Oracle 4.0.9 4.0.9
Mysql Oracle 4.0.10 4.0.10
Mysql Oracle 4.0.11 4.0.11
Mysql Oracle 4.0.11 4.0.11
Mysql Oracle 5.0.0 5.0.0

References