CVE-2005-0004 in MySQL
Summary
by MITRE
The mysqlaccess script in MySQL 4.0.23 and earlier, 4.1.x before 4.1.10, 5.0.x before 5.0.3, and other versions including 3.x, allows local users to overwrite arbitrary files or read temporary files via a symlink attack on temporary files.
Be aware that VulDB is the high quality source for vulnerability data.
Analysis
by VulDB Data Team • 07/05/2025
The vulnerability described in CVE-2005-0004 represents a critical file system security flaw in the mysqlaccess script component of MySQL database systems. This issue affects multiple version ranges including MySQL 3.x, 4.0.23 and earlier, 4.1.x versions before 4.1.10, and 5.0.x versions before 5.0.3. The vulnerability stems from improper handling of temporary files during script execution, creating a dangerous attack surface for local users who can exploit this weakness to gain unauthorized access to system resources.
The technical flaw manifests through a symlink attack mechanism that exploits the insecure creation and handling of temporary files by the mysqlaccess script. When the script executes, it creates temporary files in predictable locations without proper validation of file ownership or existence checks. Local attackers can manipulate this process by creating symbolic links that point to sensitive system files or directories, effectively allowing them to overwrite arbitrary files or read temporary files that should remain protected. This type of vulnerability falls under the CWE-377 weakness category, specifically CWE-377: Insecure Temporary File, which is classified as a high-risk issue in software security practices.
The operational impact of this vulnerability extends beyond simple privilege escalation as it provides attackers with the ability to modify critical system files or extract sensitive data from temporary storage areas. Attackers can leverage this weakness to modify configuration files, inject malicious code into system components, or gain persistent access to the target system. The vulnerability is particularly concerning because it requires only local user access, meaning that any user with access to the system can potentially exploit this weakness without requiring network connectivity or additional authentication. This aligns with ATT&CK technique T1059.001 for executing malicious code through command-line interfaces and T1078.004 for bypassing system access controls.
The exploitation process involves creating malicious symbolic links in the temporary file directories that the mysqlaccess script uses during execution. Once executed, the script will follow these symbolic links and perform operations on the targeted files, potentially overwriting system binaries or configuration files with malicious content. This vulnerability demonstrates the importance of proper temporary file handling practices and highlights the need for robust input validation and file system security controls. Organizations should implement immediate mitigations including patching to affected versions, restricting local access to the mysqlaccess script, and implementing proper file system permissions to prevent unauthorized symbolic link creation in temporary directories. The vulnerability also underscores the necessity of following security best practices such as using secure temporary file creation methods and implementing proper file ownership verification mechanisms.