4.6

CVE-2005-1636

mysql_install_db in MySQL 4.1.x before 4.1.12 and 5.x up to 5.0.4 creates the mysql_install_db.X file with a predictable filename and insecure permissions, which allows local users to execute arbitrary SQL commands by modifying the file's contents.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
MysqlMysql Version5.0.1
MysqlMysql Version5.0.2
MysqlMysql Version5.0.3
MysqlMysql Version5.0.4
OracleMysql Version4.0.0
OracleMysql Version4.0.1
OracleMysql Version4.0.2
OracleMysql Version4.0.3
OracleMysql Version4.0.4
OracleMysql Version4.0.5
OracleMysql Version4.0.5a
OracleMysql Version4.0.6
OracleMysql Version4.0.7
OracleMysql Version4.0.7 Updategamma
OracleMysql Version4.0.8
OracleMysql Version4.0.8 Updategamma
OracleMysql Version4.0.9
OracleMysql Version4.0.9 Updategamma
OracleMysql Version4.0.10
OracleMysql Version4.0.11
OracleMysql Version4.0.11 Updategamma
OracleMysql Version5.0.0 Updatealpha
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.62% 0.447
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 4.6 3.9 6.4
AV:L/AC:L/Au:N/C:P/I:P/A:P
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://marc.info/?l=full-disclosure&m=111632686805498&w=2
http://secunia.com/advisories/15369
http://secunia.com/advisories/17080
http://www.mandriva.com/security/advisories?name=MDKSA-2006:045
http://www.redhat.com/support/errata/RHSA-2005-685.html
http://www.securityfocus.com/bid/13660
http://www.zataz.net/adviso/mysql-05172005.txt
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=158688
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9504