mysql-scripts -- mysqlaccess insecure temporary file creation

2005-01-12T00:00:00
ID CE109FD4-67F3-11D9-A9E7-0001020EED82
Type freebsd
Reporter FreeBSD
Modified 2005-01-17T00:00:00

Description

The Debian Security Team reports:

Javier Fernández-Sanguino Peña from the Debian Security Audit Project discovered a temporary file vulnerability in the mysqlaccess script of MySQL that could allow an unprivileged user to let root overwrite arbitrary files via a symlink attack and could also could unveil the contents of a temporary file which might contain sensitive information.