Vulnerability Details CVE-2005-1636
mysql_install_db in MySQL 4.1.x before 4.1.12 and 5.x up to 5.0.4 creates the mysql_install_db.X file with a predictable filename and insecure permissions, which allows local users to execute arbitrary SQL commands by modifying the file's contents.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 4.1%
CVSS Severity
CVSS v2 Score 4.6
References
- http://marc.info/?l=full-disclosure&m=111632686805498&w=2
- http://secunia.com/advisories/15369
- http://secunia.com/advisories/17080
- http://www.mandriva.com/security/advisories?name=MDKSA-2006:045
- http://www.redhat.com/support/errata/RHSA-2005-685.html
- http://www.securityfocus.com/bid/13660
- http://www.zataz.net/adviso/mysql-05172005.txt
- https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=158688
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9504
- http://marc.info/?l=full-disclosure&m=111632686805498&w=2
- http://secunia.com/advisories/15369
- http://secunia.com/advisories/17080
- http://www.mandriva.com/security/advisories?name=MDKSA-2006:045
- http://www.redhat.com/support/errata/RHSA-2005-685.html
- http://www.securityfocus.com/bid/13660
- http://www.zataz.net/adviso/mysql-05172005.txt
- https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=158688
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9504
Products affected by CVE-2005-1636
-
cpe:2.3:a:mysql:mysql:5.0.1
-
cpe:2.3:a:mysql:mysql:5.0.2
-
cpe:2.3:a:mysql:mysql:5.0.3
-
cpe:2.3:a:mysql:mysql:5.0.4
-
cpe:2.3:a:oracle:mysql:4.0.0
-
cpe:2.3:a:oracle:mysql:4.0.1
-
cpe:2.3:a:oracle:mysql:4.0.10
-
cpe:2.3:a:oracle:mysql:4.0.11
-
cpe:2.3:a:oracle:mysql:4.0.2
-
cpe:2.3:a:oracle:mysql:4.0.3
-
cpe:2.3:a:oracle:mysql:4.0.4
-
cpe:2.3:a:oracle:mysql:4.0.5
-
cpe:2.3:a:oracle:mysql:4.0.5a
-
cpe:2.3:a:oracle:mysql:4.0.6
-
cpe:2.3:a:oracle:mysql:4.0.7
-
cpe:2.3:a:oracle:mysql:4.0.8
-
cpe:2.3:a:oracle:mysql:4.0.9
-
cpe:2.3:a:oracle:mysql:5.0.0