MySQL Database MySQLAccess Local Insecure Temporary File Creation Vulnerability

BID:12277

Info

MySQL Database MySQLAccess Local Insecure Temporary File Creation Vulnerability

Bugtraq ID: 12277
Class: Design Error
CVE: CVE-2005-0004
Remote: No
Local: Yes
Published: Jan 17 2005 12:00AM
Updated: Jul 12 2009 10:06AM
Credit: Javier Fernández-Sanguino Peña is credited with the discovery of this issue.
Vulnerable: Sun Solaris 10.0_x86
Sun Solaris 10
Redhat Linux 9.0 i386
Redhat Linux 7.3 i386
Redhat Fedora Core1
MySQL AB MySQL 4.1.5
MySQL AB MySQL 4.1.4
MySQL AB MySQL 4.1.3 -beta
MySQL AB MySQL 4.1.3 -beta
MySQL AB MySQL 4.1.3 -0
MySQL AB MySQL 4.1.2 -alpha
MySQL AB MySQL 4.0.21
MySQL AB MySQL 4.0.20
+ Mandriva Linux Mandrake 10.1 x86_64
+ Mandriva Linux Mandrake 10.1
+ Ubuntu Ubuntu Linux 4.1 ppc
+ Ubuntu Ubuntu Linux 4.1 ia64
+ Ubuntu Ubuntu Linux 4.1 ia32
MySQL AB MySQL 4.0.18
+ MandrakeSoft Corporate Server 3.0 x86_64
+ MandrakeSoft Corporate Server 3.0
+ Mandriva Linux Mandrake 10.0 AMD64
+ Mandriva Linux Mandrake 10.0
MySQL AB MySQL 4.0.15
+ Mandriva Linux Mandrake 9.2 amd64
+ Mandriva Linux Mandrake 9.2
+ OpenPKG OpenPKG Current
MySQL AB MySQL 4.0.14
+ OpenPKG OpenPKG 1.3
+ OpenPKG OpenPKG Current
+ Trustix Secure Linux 2.0
MySQL AB MySQL 4.0.13
MySQL AB MySQL 4.0.12
MySQL AB MySQL 4.0.11 -gamma
MySQL AB MySQL 4.0.11
+ Mandriva Linux Mandrake 9.1 ppc
+ Mandriva Linux Mandrake 9.1
MySQL AB MySQL 4.0.10
MySQL AB MySQL 4.0.9 -gamma
MySQL AB MySQL 4.0.9
MySQL AB MySQL 4.0.8 -gamma
MySQL AB MySQL 4.0.8
MySQL AB MySQL 4.0.7 -gamma
MySQL AB MySQL 4.0.7
MySQL AB MySQL 4.0.6
MySQL AB MySQL 4.0.5 a
MySQL AB MySQL 4.0.5
MySQL AB MySQL 4.0.4
MySQL AB MySQL 4.0.3
MySQL AB MySQL 4.0.2
MySQL AB MySQL 4.0.1
MySQL AB MySQL 4.0 .0
MySQL AB MySQL 4.1.0.0-alpha
MySQL AB MySQL 4.1.0-0
Gentoo Linux
Debian Linux 3.0 sparc
Debian Linux 3.0 s/390
Debian Linux 3.0 ppc
Debian Linux 3.0 mipsel
Debian Linux 3.0 mips
Debian Linux 3.0 m68k
Debian Linux 3.0 ia-64
Debian Linux 3.0 ia-32
Debian Linux 3.0 hppa
Debian Linux 3.0 arm
Debian Linux 3.0 alpha
Not Vulnerable:

Discussion

MySQL Database MySQLAccess Local Insecure Temporary File Creation Vulnerability

A local insecure temporary file creation vulnerability affects the MySQL Database. This issue is due to a failure of a script bundled with the application to securely create temporary files in globally accessible locations.

An attacker may leverage this issue to corrupt arbitrary files with the privileges of the user that activates the vulnerable script.

Exploit / POC

MySQL Database MySQLAccess Local Insecure Temporary File Creation Vulnerability

No exploit is required to leverage this issue.

Solution / Fix

MySQL Database MySQLAccess Local Insecure Temporary File Creation Vulnerability

Solution:
Ubuntu has released advisory USN-63-1 to address this issue. Please see the referenced advisory for more information.

Debian has released an additional security advisory (DSA 647-1) and fixes to address this vulnerability. Customers are advised to see the referenced advisory for further details regarding obtaining and applying appropriate updates.

Gentoo Linux has released advisory GLSA 200501-33 to address this issue. Users of affected packages are urged to execute the following commands with superuser privileges:
emerge --sync
emerge --ask --oneshot --verbose ">=dev-db/mysql-4.0.22-r2"
Please see the referenced advisory for further information.

Mandrake has released advisory MDKSA-2005:036 to address this vulnerability. Please see the attached advisory for details on obtaining and applying fixes.

A Fedora Legacy advisory FLSA:2129 is available to address this issue in Red Hat Linux 7.3, Red Hat Linux 9, and Fedora Core 1 for the i386 architecture. Please see the referenced advisory for more information.

Conectiva Linux has released advisory CLA-2005:947 along with fixes dealing with this issue. Please see the referenced advisory for more information.

OpenPKG has released advisory OpenPKG-SA-2005.006 and fixes for this issue. Please see the referenced advisory for information on obtaining the fixed packages.

Sun has released a security advisory (Sun Alert ID: 101864) addressing this and other issues in MySQL for Solaris 10. Please see the referenced advisory for further information.


Sun Solaris 10.0_x86

Sun Solaris 10

MySQL AB MySQL 4.0.15

MySQL AB MySQL 4.0.18

MySQL AB MySQL 4.0.20

MySQL AB MySQL 4.0.21

References

MySQL Database MySQLAccess Local Insecure Temporary File Creation Vulnerability

References:
© CVE.report 2026 |

Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.

CVE, CWE, and OVAL are registred trademarks of The MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. This site includes MITRE data granted under the following license.

Free CVE JSON API cve.report/api

CVE.report and Source URL Uptime Status status.cve.report