CVE-2005-0711

MySQL <4.0.24 or 4.1.11 - Info Disclosure

Title source: llm

Description

MySQL 4.0.23 and earlier, and 4.1.x up to 4.1.10, uses predictable file names when creating temporary tables, which allows local users with CREATE TEMPORARY TABLE privileges to overwrite arbitrary files via a symlink attack.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Marco Ivaldi · cremotemultiple

https://www.exploit-db.com/exploits/25211

View Code ZIP pw:eip

References (14)

[Third Party Advisory, VDB Entry] https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9591

[Patch] http://www.trustix.org/errata/2005/0009/

[Exploit] http://www.debian.org/security/2005/dsa-707

[Patch] http://www.redhat.com/support/errata/RHSA-2005-334.html

[Vendor Advisory] http://sunsolve.sun.com/search/document.do?assetkey=1-26-101864-1

[Patch] http://www.novell.com/linux/security/advisories/2005_19_mysql.html

[Vendor Advisory] https://usn.ubuntu.com/96-1/

[Vendor Advisory] http://www.redhat.com/support/errata/RHSA-2005-348.html

[Exploit] http://archives.neohapsis.com/archives/vulnwatch/2005-q1/0082.html

[Mailing List] http://lists.apple.com/archives/security-announce/2005/Aug/msg00000.html

[Vendor Advisory] http://www.mandriva.com/security/advisories?name=MDKSA-2005:060

[Patch] http://www.gentoo.org/security/en/glsa/glsa-200503-19.xml

[Mailing List] http://lists.apple.com/archives/security-announce/2005//Aug/msg00001.html

[Patch] http://www.securityfocus.com/bid/12781

Scores

EPSS 0.0045

EPSS Percentile 63.8%

Details

Status published

Products (30)

mysql/mysql 4.1.0

mysql/mysql 4.1.3

mysql/mysql 4.1.10

oracle/mysql 3.23.49

oracle/mysql 4.0.0

oracle/mysql 4.0.1

oracle/mysql 4.0.2

oracle/mysql 4.0.3

oracle/mysql 4.0.4

oracle/mysql 4.0.5

... and 20 more

Published May 02, 2005

Tracked Since Feb 18, 2026