Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2005-0711

MySQL 4.0.23 and earlier, and 4.1.x up to 4.1.10, uses predictable file names when creating temporary tables, which allows local users with CREATE TEMPORARY TABLE privileges to overwrite arbitrary files via a symlink attack.

Related bugs and status

CVE-2005-0711 (Candidate) is related to these bugs:

Bug #13818: MySQL Privilege Escalation and Command Execution Vulnerabilities

Summary				In	Importance	Status
	13818	MySQL Privilege Escalation and Command Execution Vulnerabilities		mysql-dfsg-4.1 (Ubuntu)	High	Fix Released
	13818	MySQL Privilege Escalation and Command Execution Vulnerabilities		mysql-dfsg-4.1 (Debian)	Unknown	Fix Released

See the

CVE page on Mitre.org for more details.

References

MISC: http://sunsolve.sun.co...
MISC: http://www.securityfoc...
MISC: http://www.trustix.org...
MISC: http://archives.neohap...
MISC: http://lists.apple.com...
MISC: http://lists.apple.com...
MISC: http://www.debian.org/...
MISC: http://www.gentoo.org/...
MISC: http://www.mandriva.co...
MISC: http://www.redhat.com/...
MISC: http://www.redhat.com/...
MISC: http://www.novell.com/...
MISC: https://usn.ubuntu.com...
MISC: https://oval.cisecurit...