The mysqlaccess script in MySQL 4.0.23 and earlier, 4.1.x before 4.1.10, 5.0.x before 5.0.3, and other versions including 3.x, allows local users to overwrite arbitrary files or read temporary files via a symlink attack on temporary files.

Javier Fernandez-Sanguino Peña from the Debian Security Audit Project discovered a temporary file vulnerability in the mysqlaccess script of MySQL that could allow an unprivileged user to let root overwrite arbitrary files via a symlink attack and could also could unveil the contents of a temporary file which might contain sensitive information.

For the stable distribution (woody) this problem has been fixed in version 3.23.49-8.9.

For the unstable distribution (sid) this problem has been fixed in version 4.0.23-3 of mysql-dfsg and in version 4.1.8a-6 of mysql-dfsg-4.1.

We recommend that you upgrade your mysql packages.

CVE-2005-0004: Debian -- Security Information -- DSA-647-1 mysql

Buffer overflow in gram.y for PostgreSQL 8.0.0 and earlier may allow attackers to execute arbitrary code via a large number of arguments to a refcursor function (gram.y), which leads to a heap-based buffer overflow, a different vulnerability than CVE-2005-0247.

CVE-2005-0245

Insecure directory permissions in RPM distribution for PostgreSQL allows local users to gain privileges by reading a plaintext password file.

CVE-1999-0862: IBM X-Force Exchange

mSQL v2.0.1 and below allows remote execution through a buffer overflow.

Tag

#sql