CVE-2005-0711

MySQL 4.0.23 and earlier, and 4.1.x up to 4.1.10, uses predictable file names when creating temporary tables, which allows local users with CREATE TEMPORARY TABLE privileges to overwrite arbitrary files via a symlink attack.

CVSS v2.0 2.1 LOW

2.1^/10

CVSS v2.0 : LOW

V2 Legend

Vector : AV:L/AC:L/Au:N/C:N/I:P/A:N

Exploitability : 3.9 / Impact : 2.9

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
http://archives.neohapsis.com/archives/vulnwatch/2005-q1/0082.html	Exploit
http://lists.apple.com/archives/security-announce/2005//Aug/msg00001.html
http://lists.apple.com/archives/security-announce/2005/Aug/msg00000.html
http://sunsolve.sun.com/search/document.do?assetkey=1-26-101864-1
http://www.debian.org/security/2005/dsa-707	Exploit
http://www.gentoo.org/security/en/glsa/glsa-200503-19.xml	Patch
http://www.mandriva.com/security/advisories?name=MDKSA-2005:060
http://www.novell.com/linux/security/advisories/2005_19_mysql.html	Patch
http://www.redhat.com/support/errata/RHSA-2005-334.html	Patch
http://www.redhat.com/support/errata/RHSA-2005-348.html
http://www.securityfocus.com/bid/12781	Patch
http://www.trustix.org/errata/2005/0009/	Patch
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9591
https://usn.ubuntu.com/96-1/

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:mysql:mysql:4.1.0:::::::*
	cpe:2.3:a:mysql:mysql:4.1.3:::::::*
	cpe:2.3:a:mysql:mysql:4.1.10:::::::*
	cpe:2.3:a:oracle:mysql:3.23.49:::::::*
	cpe:2.3:a:oracle:mysql:4.0.0:::::::*
	cpe:2.3:a:oracle:mysql:4.0.1:::::::*
	cpe:2.3:a:oracle:mysql:4.0.2:::::::*
	cpe:2.3:a:oracle:mysql:4.0.3:::::::*
	cpe:2.3:a:oracle:mysql:4.0.4:::::::*
	cpe:2.3:a:oracle:mysql:4.0.5:::::::*
	cpe:2.3:a:oracle:mysql:4.0.5a:::::::*
	cpe:2.3:a:oracle:mysql:4.0.6:::::::*
	cpe:2.3:a:oracle:mysql:4.0.7:::::::*
	cpe:2.3:a:oracle:mysql:4.0.7:gamma::::::
	cpe:2.3:a:oracle:mysql:4.0.8:::::::*
	cpe:2.3:a:oracle:mysql:4.0.8:gamma::::::
	cpe:2.3:a:oracle:mysql:4.0.9:::::::*
	cpe:2.3:a:oracle:mysql:4.0.9:gamma::::::
	cpe:2.3:a:oracle:mysql:4.0.10:::::::*
	cpe:2.3:a:oracle:mysql:4.0.11:::::::*
	cpe:2.3:a:oracle:mysql:4.0.11:gamma::::::
	cpe:2.3:a:oracle:mysql:4.0.12:::::::*
	cpe:2.3:a:oracle:mysql:4.0.13:::::::*
	cpe:2.3:a:oracle:mysql:4.0.14:::::::*
	cpe:2.3:a:oracle:mysql:4.0.15:::::::*
	cpe:2.3:a:oracle:mysql:4.0.18:::::::*
	cpe:2.3:a:oracle:mysql:4.0.20:::::::*
	cpe:2.3:a:oracle:mysql:4.0.21:::::::*
	cpe:2.3:a:oracle:mysql:4.0.23:::::::*
	cpe:2.3:a:oracle:mysql:4.1.0:alpha::::::
	cpe:2.3:a:oracle:mysql:4.1.2:alpha::::::
	cpe:2.3:a:oracle:mysql:4.1.3:beta::::::
	cpe:2.3:a:oracle:mysql:4.1.4:::::::*
	cpe:2.3:a:oracle:mysql:4.1.5:::::::*

History

No history.

Information

Published : 2005-05-02 04:00

Updated : 2019-12-17 17:12

NVD link : CVE-2005-0711

Mitre link : CVE-2005-0711

CVE.ORG link : CVE-2005-0711

JSON object : View

Products Affected

mysql

mysql

oracle

mysql

CWE

NVD-CWE-Other

2.1 /10