CVE-2005-0004 was filed in 2005 against MySQL for the mysqlaccess script. Scanners report:
- The following file versions were found to be less than 2.07: <path>/bin/mysqlaccess
- Certain versions of the 'mysqlaccess' program shipped with MySQL are vulnerable to a symlink attack because the temporary files used are easy to predict. As a result, a local attacker can overwrite any file which the calling process has write access to.
Looking at the mysqlaccess shipped in MariaDB 10.1.11 (and earlier), we find:
So the question is – Is MariaDB actually vulnerable, or has it simply failed to update the version listed in mysqlaccess?
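
The flaw class the scanner text describes, shown as an added example (not code from MySQL, MariaDB or the original report): a write to a guessable temp path follows a symlink that already exists there, while exclusive creation and `mkstemp` do not. All file names are constructed and confined to a throwaway directory, and the functions do not reproduce the actual code in mysqlaccess.

```python
import os
import tempfile


def write_predictable(path, data):
    """Unsafe pattern: plain open() on a guessable name follows symlinks."""
    with open(path, "w") as fh:
        fh.write(data)


def write_exclusive(path, data):
    """Safer: O_CREAT|O_EXCL fails if anything, symlink included, is already there."""
    flags = os.O_WRONLY | os.O_CREAT | os.O_EXCL | getattr(os, "O_NOFOLLOW", 0)
    fd = os.open(path, flags, 0o600)
    with os.fdopen(fd, "w") as fh:
        fh.write(data)


def demo():
    results = {}
    with tempfile.TemporaryDirectory() as sandbox:
        victim = os.path.join(sandbox, "victim.conf")      # constructed file
        predictable = os.path.join(sandbox, "tool.12345")  # constructed guessable name
        with open(victim, "w") as fh:
            fh.write("original\n")
        os.symlink(victim, predictable)  # something already sits at the guessable path

        # 1. The unsafe write lands in the symlink target.
        write_predictable(predictable, "scratch\n")
        with open(victim) as fh:
            results["unsafe_clobbered"] = fh.read() == "scratch\n"

        # 2. Exclusive creation refuses the pre-existing path; the target is untouched.
        with open(victim, "w") as fh:
            fh.write("original\n")
        try:
            write_exclusive(predictable, "scratch\n")
            results["exclusive_refused"] = False
        except FileExistsError:
            results["exclusive_refused"] = True
        with open(victim) as fh:
            results["victim_intact"] = fh.read() == "original\n"

        # 3. mkstemp picks an unpredictable name and creates it exclusively, mode 0600.
        fd, name = tempfile.mkstemp(prefix="tool.", dir=sandbox)
        os.close(fd)
        results["mkstemp_is_symlink"] = os.path.islink(name)
        results["mkstemp_mode"] = oct(os.stat(name).st_mode & 0o777)
    return results


if __name__ == "__main__":
    print(demo())
```

Whether a given mysqlaccess copy is affected depends on which of these patterns its temp-file handling uses, not on the version string a scanner reads.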