CVE-2005-0711

MySQL 4.0.23 and earlier, and 4.1.x up to 4.1.10, uses predictable file names when creating temporary tables, which allows local users with CREATE TEMPORARY TABLE privileges to overwrite arbitrary files via a symlink attack.

CVSS v2.0 2.1 LOW

2.1^/10

CVSS v2.0 : LOW

V2 Legend

Vector : AV:L/AC:L/Au:N/C:N/I:P/A:N

Exploitability : 3.9 / Impact : 2.9

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
http://archives.neohapsis.com/archives/vulnwatch/2005-q1/0082.html	Exploit
http://www.debian.org/security/2005/dsa-707	Exploit
http://www.gentoo.org/security/en/glsa/glsa-200503-19.xml	Patch
http://www.redhat.com/support/errata/RHSA-2005-334.html	Patch
http://www.novell.com/linux/security/advisories/2005_19_mysql.html	Patch
http://www.trustix.org/errata/2005/0009/	Patch
http://www.securityfocus.com/bid/12781	Patch
http://lists.apple.com/archives/security-announce/2005/Aug/msg00000.html
http://lists.apple.com/archives/security-announce/2005//Aug/msg00001.html
http://www.redhat.com/support/errata/RHSA-2005-348.html
http://sunsolve.sun.com/search/document.do?assetkey=1-26-101864-1
http://www.mandriva.com/security/advisories?name=MDKSA-2005:060
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9591
https://usn.ubuntu.com/96-1/

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:oracle:mysql:4.0.0:::::::*
	cpe:2.3:a:oracle:mysql:4.0.1:::::::*
	cpe:2.3:a:oracle:mysql:4.0.15:::::::*
	cpe:2.3:a:oracle:mysql:4.0.18:::::::*
	cpe:2.3:a:oracle:mysql:4.0.5:::::::*
	cpe:2.3:a:oracle:mysql:4.0.5a:::::::*
	cpe:2.3:a:mysql:mysql:4.1.0:::::::*
	cpe:2.3:a:oracle:mysql:4.1.0:alpha::::::
	cpe:2.3:a:oracle:mysql:3.23.49:::::::*
	cpe:2.3:a:oracle:mysql:4.0.13:::::::*
	cpe:2.3:a:oracle:mysql:4.0.14:::::::*
	cpe:2.3:a:mysql:mysql:4.1.10:::::::*
	cpe:2.3:a:mysql:mysql:4.1.3:::::::*
	cpe:2.3:a:oracle:mysql:4.0.2:::::::*
	cpe:2.3:a:oracle:mysql:4.0.3:::::::*
	cpe:2.3:a:oracle:mysql:4.0.4:::::::*
	cpe:2.3:a:oracle:mysql:4.0.6:::::::*
	cpe:2.3:a:oracle:mysql:4.0.7:::::::*
	cpe:2.3:a:oracle:mysql:4.0.7:gamma::::::
	cpe:2.3:a:oracle:mysql:4.0.8:gamma::::::
	cpe:2.3:a:oracle:mysql:4.0.8:::::::*
	cpe:2.3:a:oracle:mysql:4.0.9:::::::*
	cpe:2.3:a:oracle:mysql:4.0.9:gamma::::::
	cpe:2.3:a:oracle:mysql:4.0.10:::::::*
	cpe:2.3:a:oracle:mysql:4.0.11:gamma::::::
	cpe:2.3:a:oracle:mysql:4.0.11:::::::*
	cpe:2.3:a:oracle:mysql:4.0.12:::::::*
	cpe:2.3:a:oracle:mysql:4.0.20:::::::*
	cpe:2.3:a:oracle:mysql:4.0.21:::::::*
	cpe:2.3:a:oracle:mysql:4.0.23:::::::*
	cpe:2.3:a:oracle:mysql:4.1.2:alpha::::::
	cpe:2.3:a:oracle:mysql:4.1.4:::::::*
	cpe:2.3:a:oracle:mysql:4.1.5:::::::*
	cpe:2.3:a:oracle:mysql:4.1.3:beta::::::

Information

Published : 2005-05-01 21:00

Updated : 2019-12-17 09:12

NVD link : CVE-2005-0711

Mitre link : CVE-2005-0711

JSON object : View

CWE

NVD-CWE-Other

Products Affected

oracle

mysql

mysql

mysql

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://archives.neohapsis.com/archives/vulnwatch/2005-q1/0082.html", "name": "20050310 Mysql insecure temporary file creation with CREATE TEMPORARY TABLE privilege escalation", "tags": ["Exploit"], "refsource": "VULNWATCH"}, {"url": "http://www.debian.org/security/2005/dsa-707", "name": "DSA-707", "tags": ["Exploit"], "refsource": "DEBIAN"}, {"url": "http://www.gentoo.org/security/en/glsa/glsa-200503-19.xml", "name": "GLSA-200503-19", "tags": ["Patch"], "refsource": "GENTOO"}, {"url": "http://www.redhat.com/support/errata/RHSA-2005-334.html", "name": "RHSA-2005:334", "tags": ["Patch"], "refsource": "REDHAT"}, {"url": "http://www.novell.com/linux/security/advisories/2005_19_mysql.html", "name": "SUSE-SA:2005:019", "tags": ["Patch"], "refsource": "SUSE"}, {"url": "http://www.trustix.org/errata/2005/0009/", "name": "2005-0009", "tags": ["Patch"], "refsource": "TRUSTIX"}, {"url": "http://www.securityfocus.com/bid/12781", "name": "12781", "tags": ["Patch"], "refsource": "BID"}, {"url": "http://lists.apple.com/archives/security-announce/2005/Aug/msg00000.html", "name": "APPLE-SA-2005-08-15", "tags": [], "refsource": "APPLE"}, {"url": "http://lists.apple.com/archives/security-announce/2005//Aug/msg00001.html", "name": "APPLE-SA-2005-08-17", "tags": [], "refsource": "APPLE"}, {"url": "http://www.redhat.com/support/errata/RHSA-2005-348.html", "name": "RHSA-2005:348", "tags": [], "refsource": "REDHAT"}, {"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101864-1", "name": "101864", "tags": [], "refsource": "SUNALERT"}, {"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:060", "name": "MDKSA-2005:060", "tags": [], "refsource": "MANDRAKE"}, {"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9591", "name": "oval:org.mitre.oval:def:9591", "tags": [], "refsource": "OVAL"}, {"url": "https://usn.ubuntu.com/96-1/", "name": "USN-96-1", "tags": [], "refsource": "UBUNTU"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "MySQL 4.0.23 and earlier, and 4.1.x up to 4.1.10, uses predictable file names when creating temporary tables, which allows local users with CREATE TEMPORARY TABLE privileges to overwrite arbitrary files via a symlink attack."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2005-0711", "ASSIGNER": "secalert@redhat.com"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 2.1, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "severity": "LOW", "impactScore": 2.9, "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2005-05-02T04:00Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:oracle:mysql:4.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:oracle:mysql:4.0.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:oracle:mysql:4.0.15:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:oracle:mysql:4.0.18:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:oracle:mysql:4.0.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:oracle:mysql:4.0.5a:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:mysql:mysql:4.1.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:oracle:mysql:4.1.0:alpha:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:oracle:mysql:3.23.49:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:oracle:mysql:4.0.13:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:oracle:mysql:4.0.14:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:mysql:mysql:4.1.10:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:mysql:mysql:4.1.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:oracle:mysql:4.0.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:oracle:mysql:4.0.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:oracle:mysql:4.0.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:oracle:mysql:4.0.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:oracle:mysql:4.0.7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:oracle:mysql:4.0.7:gamma:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:oracle:mysql:4.0.8:gamma:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:oracle:mysql:4.0.8:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:oracle:mysql:4.0.9:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:oracle:mysql:4.0.9:gamma:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:oracle:mysql:4.0.10:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:oracle:mysql:4.0.11:gamma:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:oracle:mysql:4.0.11:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:oracle:mysql:4.0.12:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:oracle:mysql:4.0.20:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:oracle:mysql:4.0.21:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:oracle:mysql:4.0.23:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:oracle:mysql:4.1.2:alpha:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:oracle:mysql:4.1.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:oracle:mysql:4.1.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:oracle:mysql:4.1.3:beta:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2019-12-17T17:12Z"}

2.1 /10