Uploaded image for project: 'MariaDB Server'
  1. MariaDB Server
  2. MDEV-9546

mysqlaccess script shows an old version (which was vulnerable to CVE-2005-0004)

    XMLWordPrintable

Details

    Description

      CVE-2005-0004 was filed in 2005 against mysql for the mysqlaccess script. Scanners report:

      -The following file versions were found to be less than 2.07: <path>/bin/mysqlaccess

      • Certain versions of the 'mysqlaccess' program shipped with MySQL are vulnerable to a symlink attack because the temporary files used are easy to predict. As a result, a local attacker can overwrite any file which the calling process has write access to.

      Looking at the mysqlaccess shipped in MariaDB 10.1.11 (and earlier), we find:

      package MySQLaccess;
      #use strict;
      use File::Temp qw(tempfile tmpnam);
      use Fcntl;
       
      BEGIN {
          # ****************************
          # static information...
          $VERSION     = "2.06, 20 Dec 2000";
      

      So the question is – Is MariaDB actually vulnerable, or has it simply failed to update the version listed in mysqlaccess?

      Attachments

        Activity

          People

            serg Sergei Golubchik
            quanah Quanah Gibson-Mount (Inactive)
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved:

              Git Integration

                Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.