Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2005-0711 — Mysql vulnerability

7 documents6 sources

Severity

2.1LOWNVD

EPSS

0.5%

top 36.20%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Mysql Oracle Mysql

Timeline

PublishedMay 2

Latest updateMay 1

Description

MySQL 4.0.23 and earlier, and 4.1.x up to 4.1.10, uses predictable file names when creating temporary tables, which allows local users with CREATE TEMPORARY TABLE privileges to overwrite arbitrary files via a symlink attack.

CVSS vector

AV:L/AC:L/C:N/I:P/A:NExploitability: 3.9 | Impact: 2.9

Affected Packages2 packages

▶NVDmysql/mysql4.1.0, 4.1.10, 4.1.3+2

▶NVDoracle/mysql27 versions+26

Patches

Patch: www.gentoo.org ↗Patch: www.novell.com ↗Patch: www.redhat.com ↗

🔴Vulnerability Details

GHSA

GHSA-pxgm-cjcm-fmcg: MySQL 4↗2022-05-01

▶

💥Exploits & PoCs

Exploit-DB

MySQL 4.x - CREATE Temporary TABLE Symlink Privilege Escalation↗2006-01-18

▶

📋Vendor Advisories

Ubuntu

mySQL vulnerabilities↗2005-03-16

▶

Red Hat

security flaw↗2005-03-11

▶

💬Community

Bugzilla

CVE-2005-0711 security flaw↗2018-08-16

▶