Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2005-0711

Overview

Vulnerability Score 2.1 2.1
CVE Id CVE-2005-0711
Last Modified 21 Aug 2010 12:26:52
Published 02 May 2005 12:00:00
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2005-0711

Summary

MySQL 4.0.23 and earlier, and 4.1.x up to 4.1.10, uses predictable file names when creating temporary tables, which allows local users with CREATE TEMPORARY TABLE privileges to overwrite arbitrary files via a symlink attack.

Vulnerable Systems

Application

  • Mysql 3.23.49

  • Mysql 4.0.0

  • Mysql 4.0.1

  • Mysql 4.0.10

  • Mysql 4.0.11

  • Mysql 4.0.12

  • Mysql 4.0.13

  • Mysql 4.0.14

  • Mysql 4.0.15

  • Mysql 4.0.18

  • Mysql 4.0.2

  • Mysql 4.0.20

  • Mysql 4.0.21

  • Mysql 4.0.23

  • Mysql 4.0.3

  • Mysql 4.0.4

  • Mysql 4.0.5

  • Mysql 4.0.5a

  • Mysql 4.0.6

  • Mysql 4.0.7

  • Mysql 4.0.8

  • Mysql 4.0.9

  • Mysql 4.1.0

  • Mysql 4.1.0.0

  • Mysql 4.1.10

  • Mysql 4.1.2

  • Mysql 4.1.3

  • Mysql 4.1.4

  • Mysql 4.1.5


References

TRUSTIX - 2005-0009

BID - 12781

REDHAT - RHSA-2005:334

SUSE - SUSE-SA:2005:019

GENTOO - GLSA-200503-19

UBUNTU - USN-96-1

REDHAT - RHSA-2005:348

DEBIAN - DSA-707

APPLE - APPLE-SA-2005-08-15

APPLE - APPLE-SA-2005-08-17

VULNWATCH - 20050310 Mysql insecure temporary file creation with CREATE TEMPORARY TABLE privilege escalation

MANDRAKE - MDKSA-2005:060

SUNALERT - 101864


Last Updated: 27 May 2016 10:39:54