Details
- Bug
- Status: Closed
- Major
- Resolution: Fixed
- 10.1.11
- None
- Linux
Description
CVE-2005-0004 was filed in 2005 against MySQL for the mysqlaccess script. Scanners report:
- The following file versions were found to be less than 2.07: <path>/bin/mysqlaccess
- Certain versions of the 'mysqlaccess' program shipped with MySQL are vulnerable to a symlink attack because the temporary files used are easy to predict. As a result, a local attacker can overwrite any file which the calling process has write access to.
Looking at the mysqlaccess shipped in MariaDB 10.1.11 (and earlier), we find:
    package MySQLaccess;
    #use strict;

    use File::Temp qw(tempfile tmpnam);
    use Fcntl;

    BEGIN {

        # ****************************
        # static information...
        $VERSION = "2.06, 20 Dec 2000";
So the question is: is MariaDB actually vulnerable, or has it simply failed to update the version listed in mysqlaccess?
Viewing the history (https://github.com/MariaDB/server/commit/4bdf479da07516fa13b63439f756c2d667e7acd6#diff-207f5e197b454fe83cdcf3972bc7b4de), it clearly was fixed.
It would be useful to increment the version shipped in MariaDB so it does not show up as vulnerable. Oracle has apparently failed to do this with MySQL as well.
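The scanner text above describes a symlink attack on predictable temporary file names. The following is an added example, not code from mysqlaccess or the MariaDB commit, showing why the File::Temp and Fcntl imports in the excerpt matter more than the version string. The directory, file names and PID-based name are constructed for the demonstration.

```perl
use strict;
use warnings;
use Fcntl qw(O_WRONLY O_CREAT O_EXCL);
use File::Temp qw(tempfile tempdir);

# Constructed setup: a private directory stands in for a shared /tmp.
my $dir    = tempdir(CLEANUP => 1);
my $victim = "$dir/important.conf";   # file the calling process may write to
my $guess  = "$dir/scratch.$$";       # hypothetical PID-based temp name

sub put   { my ($p, $s) = @_; open(my $f, '>', $p) or die "$p: $!"; print $f $s; close $f }
sub slurp { my ($p) = @_; open(my $f, '<', $p) or die "$p: $!"; local $/; return scalar <$f> }

put($victim, "original\n");
# The guessable name already exists as a link to the victim file.
symlink($victim, $guess) or die "symlink: $!";

# 1. O_CREAT|O_EXCL refuses any existing name, including a symlink.
if (sysopen(my $fh, $guess, O_WRONLY | O_CREAT | O_EXCL, 0600)) {
    close $fh;
    die "unexpected: exclusive create succeeded";
}
print "exclusive create refused: $!\n";
print "victim after step 1: ", slurp($victim);

# 2. File::Temp picks an unpredictable name and opens it exclusively.
my ($tfh, $tname) = tempfile('scratchXXXXXXXX', DIR => $dir, UNLINK => 1);
print $tfh "temp data\n";
close $tfh;
print "tempfile created: $tname\n";
print "victim after step 2: ", slurp($victim);

# 3. Plain open() on the guessable name follows the link and truncates
#    the victim file: the behaviour the CVE text describes.
put($guess, "temp data\n");
print "victim after step 3: ", slurp($victim);
```

A check that inspects how a script creates its temporary files is a stronger signal than comparing `$VERSION`, which this report shows can lag behind the actual fix.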