CVE-2005-0711
5.9 Medium
AI Score
Confidence
Low
2.1 Low
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:L/AC:L/Au:N/C:N/I:P/A:N
0.001 Low
EPSS
Percentile
24.3%
MySQL 4.0.23 and earlier, and 4.1.x up to 4.1.10, uses predictable file names when creating temporary tables, which allows local users with CREATE TEMPORARY TABLE privileges to overwrite arbitrary files via a symlink attack.
References
archives.neohapsis.com/archives/vulnwatch/2005-q1/0082.html
lists.apple.com/archives/security-announce/2005//Aug/msg00001.html
lists.apple.com/archives/security-announce/2005/Aug/msg00000.html
sunsolve.sun.com/search/document.do?assetkey=1-26-101864-1
www.debian.org/security/2005/dsa-707
www.gentoo.org/security/en/glsa/glsa-200503-19.xml
www.mandriva.com/security/advisories?name=MDKSA-2005:060
www.novell.com/linux/security/advisories/2005_19_mysql.html
www.redhat.com/support/errata/RHSA-2005-334.html
www.redhat.com/support/errata/RHSA-2005-348.html
www.securityfocus.com/bid/12781
www.trustix.org/errata/2005/0009/
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9591
usn.ubuntu.com/96-1/
Related
5.9 Medium
AI Score
Confidence
Low
2.1 Low
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:L/AC:L/Au:N/C:N/I:P/A:N
0.001 Low
EPSS
Percentile
24.3%