CVE-2004-0457 Information

Description

The mysqlhotcopy script in mysql 4.0.20 and earlier when using the scp method from the mysql-server package allows local users to overwrite arbitrary files via a symlink attack on temporary files.

Reference

http://packages.debian.org/changelogs/pool/main/m/mysql-dfsg/mysql-dfsg_4.0.20-11/changelog http://www.ciac.org/ciac/bulletins/p-018.shtml http://www.debian.org/security/2004/dsa-540 http://www.redhat.com/support/errata/RHSA-2004-597.html https://exchange.xforce.ibmcloud.com/vulnerabilities/17030 https://oval.cisecurity.org/repository/search/definition/oval3Aorg.mitre.oval3Adef3A10693