CVE Reference: CVE-2005-0711

NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE:
CVE-2005-0711

Description:
MySQL 4.0.23 and earlier, and 4.1.x up to 4.1.10, uses predictable file names when creating temporary tables, which allows local users with CREATE TEMPORARY TABLE privileges to overwrite arbitrary files via a symlink attack.

CVE Status:
Candidate

References:

VULNWATCH
  http://archives.neohapsis.com/archives/vulnwatch/2005-q1/0082.html

UBUNTU
  http://www.ubuntulinux.org/support/documentation/usn/usn-96-1

TRUSTIX
  http://www.trustix.org/errata/2005/0009/

SUSE
  http://www.novell.com/linux/security/advisories/2005_19_mysql.html

SUNALERT
  http://sunsolve.sun.com/search/document.do?assetkey=1-26-101864-1

REDHAT
  http://www.redhat.com/support/errata/RHSA-2005-348.html
  http://www.redhat.com/support/errata/RHSA-2005-334.html

OVAL
  http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:9591

MANDRAKE
  http://www.mandriva.com/security/advisories?name=MDKSA-2005:060

GENTOO
  http://www.gentoo.org/security/en/glsa/glsa-200503-19.xml

DEBIAN
  http://www.debian.org/security/2005/dsa-707

BID
  12781

APPLE
  http://lists.apple.com/archives/security-announce/2005//Aug/msg00001.html
  http://lists.apple.com/archives/security-announce/2005/Aug/msg00000.html


Return to the previous page.