FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-03-27 18:04:16 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
0c4d5973-f2ab-11d8-9837-000c41e2cdadmysql -- mysqlhotcopy insecure temporary file creation

According to Christian Hammers:

[mysqlhotcopy created] temporary files in /tmp which had predictable filenames and such could be used for a tempfile run attack.

Jeroen van Wolffelaar is credited with discovering the issue.


Discovery 2004-08-18
Entry 2004-08-22
mysql-scripts
le 3.23.58

gt 4 le 4.0.20

gt 4.1 le 4.1.3

gt 5 le 5.0.0_1

CVE-2004-0457
http://www.debian.org/security/2004/dsa-540
http://lists.mysql.com/internals/15185
ce109fd4-67f3-11d9-a9e7-0001020eed82mysql-scripts -- mysqlaccess insecure temporary file creation

The Debian Security Team reports:

Javier Fernández-Sanguino Peña from the Debian Security Audit Project discovered a temporary file vulnerability in the mysqlaccess script of MySQL that could allow an unprivileged user to let root overwrite arbitrary files via a symlink attack and could also could unveil the contents of a temporary file which might contain sensitive information.


Discovery 2005-01-12
Entry 2005-01-16
Modified 2005-01-17
mysql-scripts
< 3.23.58_2

gt 4.* lt 4.0.23a_1

gt 4.1.* lt 4.1.9_1

gt 5.* lt 5.0.2_1

CVE-2005-0004
http://lists.mysql.com/internals/20600