CVE-2005-0711

MySQL <4.0.24 or 4.1.11 - Info Disclosure

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2005-0711. PoCs published by Marco Ivaldi.

AI-analyzed exploit summary: This exploit leverages MySQL's User Defined Function (UDF) feature to execute arbitrary system commands by creating a malicious shared library. It requires authenticated access with sufficient privileges to create functions and write files.

Description

MySQL 4.0.23 and earlier, and 4.1.x up to 4.1.10, uses predictable file names when creating temporary tables, which allows local users with CREATE TEMPORARY TABLE privileges to overwrite arbitrary files via a symlink attack.

Exploits (1)

exploitdb WORKING POC VERIFIED
by Marco Ivaldi · c · remote · multiple
https://www.exploit-db.com/exploits/25211

Classification: Working PoC 100%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: MySQL versions prior to 4.0.24 and 4.1.10a
Auth required
Prerequisites: Authenticated MySQL access · Privileges to create temporary tables and functions · Ability to write files to the MySQL library directory
devstral-2 · analyzed Feb 18, 2026

References (14)

Core References
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9591
Patch vendor-advisory x_refsource_trustix
http://www.trustix.org/errata/2005/0009/
Exploit vendor-advisory x_refsource_debian
http://www.debian.org/security/2005/dsa-707
Patch vendor-advisory x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2005-334.html
Vendor Advisory vendor-advisory x_refsource_sunalert
http://sunsolve.sun.com/search/document.do?assetkey=1-26-101864-1
Vendor Advisory vendor-advisory x_refsource_ubuntu
https://usn.ubuntu.com/96-1/
Vendor Advisory vendor-advisory x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2005-348.html
Exploit mailing-list x_refsource_vulnwatch
http://archives.neohapsis.com/archives/vulnwatch/2005-q1/0082.html
Mailing List vendor-advisory x_refsource_apple
http://lists.apple.com/archives/security-announce/2005/Aug/msg00000.html
Vendor Advisory vendor-advisory x_refsource_mandrake
http://www.mandriva.com/security/advisories?name=MDKSA-2005:060
Patch vendor-advisory x_refsource_gentoo
http://www.gentoo.org/security/en/glsa/glsa-200503-19.xml
Mailing List vendor-advisory x_refsource_apple
http://lists.apple.com/archives/security-announce/2005//Aug/msg00001.html
Patch vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/12781

Scores

EPSS 0.0170
EPSS Percentile 74.2%

Details

Status published
Products (30)
mysql/mysql 4.1.0
mysql/mysql 4.1.3
mysql/mysql 4.1.10
oracle/mysql 3.23.49
oracle/mysql 4.0.0
oracle/mysql 4.0.1
oracle/mysql 4.0.2
oracle/mysql 4.0.3
oracle/mysql 4.0.4
oracle/mysql 4.0.5
... and 20 more
Published May 02, 2005
Tracked Since Feb 18, 2026