FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The last vuln.xml file processed by FreshPorts is:

nothing found there

List all Vulnerabilities, by package

List all Vulnerabilities, by date

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
ce109fd4-67f3-11d9-a9e7-0001020eed82mysql-scripts -- mysqlaccess insecure temporary file creation

The Debian Security Team reports:

Javier Fernández-Sanguino Peña from the Debian Security Audit Project discovered a temporary file vulnerability in the mysqlaccess script of MySQL that could allow an unprivileged user to let root overwrite arbitrary files via a symlink attack and could also could unveil the contents of a temporary file which might contain sensitive information.

Discovery 2005-01-12
Entry 2005-01-16
Modified 2005-01-17
lt 3.23.58_2

gt 4.* lt 4.0.23a_1

gt 4.1.* lt 4.1.9_1

gt 5.* lt 5.0.2_1

0c4d5973-f2ab-11d8-9837-000c41e2cdadmysql -- mysqlhotcopy insecure temporary file creation

According to Christian Hammers:

[mysqlhotcopy created] temporary files in /tmp which had predictable filenames and such could be used for a tempfile run attack.

Jeroen van Wolffelaar is credited with discovering the issue.

Discovery 2004-08-18
Entry 2004-08-22
le 3.23.58

gt 4 le 4.0.20

gt 4.1 le 4.1.3

gt 5 le 5.0.0_1