Lucene search

[email protected]CVE-2004-0457

HistorySep 28, 2004 - 4:00 a.m.

CVE-2004-0457

2004-09-2804:00:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve-2004-0457

mysql

symlink attack

security vulnerability

nvd

5.9 Medium

AI Score

Confidence

Low

4.6 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

0.001 Low

EPSS

Percentile

26.8%

JSON

The mysqlhotcopy script in mysql 4.0.20 and earlier, when using the scp method from the mysql-server package, allows local users to overwrite arbitrary files via a symlink attack on temporary files.

CPENameOperatorVersion
oracle:mysqloracle mysqlle4.0.20

CPE	Name	Operator	Version
oracle:mysql	oracle mysql	le	4.0.20

References

packages.debian.org/changelogs/pool/main/m/mysql-dfsg/mysql-dfsg_4.0.20-11/changelog

www.ciac.org/ciac/bulletins/p-018.shtml

www.debian.org/security/2004/dsa-540

www.redhat.com/support/errata/RHSA-2004-597.html

exchange.xforce.ibmcloud.com/vulnerabilities/17030

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10693

5.9 Medium

AI Score

Confidence

Low

4.6 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

0.001 Low

EPSS

Percentile

26.8%

JSON

Related for CVE-2004-0457

openvas7 nessus9 osv1 freebsd1 debian2 gentoo1 securityvulns1 ubuntucve1 cve1 redhat2