CVE-2005-0711 Information

Feb 14, 2021 cve

Description

MySQL 4.0.23 and earlier and 4.1.x up to 4.1.10 uses predictable file names when creating temporary tables which allows local users with CREATE TEMPORARY TABLE privileges to overwrite arbitrary files via a symlink attack.

Reference

http://archives.neohapsis.com/archives/vulnwatch/2005-q1/0082.html http://lists.apple.com/archives/security-announce/2005//Aug/msg00001.html http://lists.apple.com/archives/security-announce/2005/Aug/msg00000.html http://sunsolve.sun.com/search/document.do?assetkey=1-26-101864-1 http://www.debian.org/security/2005/dsa-707 http://www.gentoo.org/security/en/glsa/glsa-200503-19.xml http://www.mandriva.com/security/advisories?name=MDKSA-2005:060 http://www.novell.com/linux/security/advisories/2005_19_mysql.html http://www.redhat.com/support/errata/RHSA-2005-334.html http://www.redhat.com/support/errata/RHSA-2005-348.html http://www.securityfocus.com/bid/12781 http://www.trustix.org/errata/2005/0009/ https://oval.cisecurity.org/repository/search/definition/oval3Aorg.mitre.oval3Adef3A9591 https://usn.ubuntu.com/96-1/

Share on: