Description

MySQL 4.0.23 and earlier, and 4.1.x up to 4.1.10, uses predictable file names when creating temporary tables, which allows local users with CREATE TEMPORARY TABLE privileges to overwrite arbitrary files via a symlink attack.

Remediation

References

CVE-2005-0711

Related Vulnerabilities

Drupal Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2009-4066)

Moodle Permissions, Privileges, and Access Controls Vulnerability (CVE-2013-4938)

ownCloud Resource Management Errors Vulnerability (CVE-2015-4717)

WordPress Plugin WP Discourse Unspecified Vulnerability (0.9.7)

WordPress Plugin Shopping Cart Multiple SQL Injection and Arbitrary File Upload Vulnerabilities (8.1.14)

Severity

Low

Classification

CVE-2005-0711

Tags

Missing Update Known Vulnerabilities