Vulnerability CVE-2005-0711 - CERT Civis.Net

Vulnerability Name:

CVE-2005-0711 (CCN-19659)

Assigned:

2005-03-11

Published:

2005-03-11

Updated:

2019-12-17

Summary:

MySQL 4.0.23 and earlier, and 4.1.x up to 4.1.10, uses predictable file names when creating temporary tables, which allows local users with CREATE TEMPORARY TABLE privileges to overwrite arbitrary files via a symlink attack.

CVSS v3 Severity:

2.8 Low (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N)

Exploitability Metrics:	Attack Vector (AV): Local Attack Complexity (AC): Low Privileges Required (PR): Low User Interaction (UI): Required
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): None Integrity (I): Low Availibility (A): None

CVSS v2 Severity:

2.1 Low (CVSS v2 Vector: AV:L/AC:L/Au:N/C:N/I:P/A:N)

Exploitability Metrics:	Access Vector (AV): Local Access Complexity (AC): Low Authentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): Partial Availibility (A): None

1.7 Low (CCN CVSS v2 Vector: AV:L/AC:L/Au:S/C:N/I:P/A:N)

Exploitability Metrics:	Access Vector (AV): Local Access Complexity (AC): Low Athentication (Au): Single_Instance
Impact Metrics:	Confidentiality (C): None Integrity (I): Partial Availibility (A): None

Vulnerability Type:

Vulnerability Consequences:

Gain Privileges

References:

Source: CCN
Type: VulnWatch Security Advisory 0082
Mysql insecure temporary file creation with CREATE TEMPORARY TABLE privilege escalation

Source: VULNWATCH
Type: Exploit
20050310 Mysql insecure temporary file creation with CREATE TEMPORARY TABLE privilege escalation

Source: MITRE
Type: CNA
CVE-2005-0711

Source: APPLE
Type: UNKNOWN
APPLE-SA-2005-08-17

Source: APPLE
Type: UNKNOWN
APPLE-SA-2005-08-15

Source: CCN
Type: RHSA-2005-334
mysql security update

Source: CCN
Type: RHSA-2005-348
mysql-server security update

Source: SUNALERT
Type: UNKNOWN
101864

Source: CCN
Type: Sun Alert ID: 201658
Multiple Security Vulnerabilities in The "MySQL" Package

Source: CCN
Type: CIAC INFORMATION BULLETIN P-164
MySQL Security Update

Source: CCN
Type: CIAC INFORMATION BULLETIN P-171
SGI Advanced Linux Environment 3 Security Update #33

Source: DEBIAN
Type: Exploit
DSA-707

Source: DEBIAN
Type: DSA-707
mysql -- several vulnerabilities

Source: CCN
Type: GLSA-200503-19
MySQL: Multiple vulnerabilities

Source: GENTOO
Type: Patch
GLSA-200503-19

Source: MANDRAKE
Type: UNKNOWN
MDKSA-2005:060

Source: CCN
Type: MySQL Web site
MySQL- The world's most popular open source database

Source: SUSE
Type: Patch
SUSE-SA:2005:019

Source: CCN
Type: OpenPKG-SA-2005.006
MySQL

Source: REDHAT
Type: Patch
RHSA-2005:334

Source: REDHAT
Type: UNKNOWN
RHSA-2005:348

Source: BID
Type: Patch
12781

Source: CCN
Type: BID-12781
MySQL AB MySQL Multiple Remote Vulnerabilities

Source: CCN
Type: BID-14567
Apple Mac OS X Multiple Vulnerabilities

Source: TRUSTIX
Type: Patch
2005-0009

Source: CCN
Type: TLSA-2005-48
Multiple vulnerabilities exist in MySQL

Source: CCN
Type: USN-96-1
mySQL vulnerabilities

Source: XF
Type: UNKNOWN
mysql-command-insecure-file(19659)

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:9591

Source: UBUNTU
Type: UNKNOWN
USN-96-1

Source: SUSE
Type: SUSE-SA:2005:019
MySQL: remote code execution

Vulnerable Configuration:

Configuration 1:

cpe:/a:oracle:mysql:4.1.0:-:*:*:*:*:*:*

OR cpe:/a:oracle:mysql:4.1.3:-:*:*:*:*:*:*

OR cpe:/a:oracle:mysql:4.1.10:-:*:*:*:*:*:*

OR cpe:/a:oracle:mysql:3.23.49:*:*:*:*:*:*:*

OR cpe:/a:oracle:mysql:4.0.0:*:*:*:*:*:*:*

OR cpe:/a:oracle:mysql:4.0.1:*:*:*:*:*:*:*

OR cpe:/a:oracle:mysql:4.0.2:*:*:*:*:*:*:*

OR cpe:/a:oracle:mysql:4.0.3:*:*:*:*:*:*:*

OR cpe:/a:oracle:mysql:4.0.4:*:*:*:*:*:*:*

OR cpe:/a:oracle:mysql:4.0.5:*:*:*:*:*:*:*

OR cpe:/a:oracle:mysql:4.0.5a:*:*:*:*:*:*:*

OR cpe:/a:oracle:mysql:4.0.6:*:*:*:*:*:*:*

OR cpe:/a:oracle:mysql:4.0.7:*:*:*:*:*:*:*

OR cpe:/a:oracle:mysql:4.0.7:gamma:*:*:*:*:*:*

OR cpe:/a:oracle:mysql:4.0.8:*:*:*:*:*:*:*

OR cpe:/a:oracle:mysql:4.0.8:gamma:*:*:*:*:*:*

OR cpe:/a:oracle:mysql:4.0.9:*:*:*:*:*:*:*

OR cpe:/a:oracle:mysql:4.0.9:gamma:*:*:*:*:*:*

OR cpe:/a:oracle:mysql:4.0.10:*:*:*:*:*:*:*

OR cpe:/a:oracle:mysql:4.0.11:*:*:*:*:*:*:*

OR cpe:/a:oracle:mysql:4.0.11:gamma:*:*:*:*:*:*

OR cpe:/a:oracle:mysql:4.0.12:*:*:*:*:*:*:*

OR cpe:/a:oracle:mysql:4.0.13:*:*:*:*:*:*:*

OR cpe:/a:oracle:mysql:4.0.14:*:*:*:*:*:*:*

OR cpe:/a:oracle:mysql:4.0.15:*:*:*:*:*:*:*

OR cpe:/a:oracle:mysql:4.0.18:*:*:*:*:*:*:*

OR cpe:/a:oracle:mysql:4.0.20:*:*:*:*:*:*:*

OR cpe:/a:oracle:mysql:4.0.21:*:*:*:*:*:*:*

OR cpe:/a:oracle:mysql:4.0.23:*:*:*:*:*:*:*

OR cpe:/a:oracle:mysql:4.1.0:alpha:*:*:*:*:*:*

OR cpe:/a:oracle:mysql:4.1.2:alpha:*:*:*:*:*:*

OR cpe:/a:oracle:mysql:4.1.3:beta:*:*:*:*:*:*

OR cpe:/a:oracle:mysql:4.1.4:*:*:*:*:*:*:*

OR cpe:/a:oracle:mysql:4.1.5:*:*:*:*:*:*:*

Configuration RedHat 1:

cpe:/o:redhat:enterprise_linux:*:*:*:*:*:*:*:*

Configuration CCN 1:

cpe:/a:oracle:mysql:3.23.49:*:*:*:*:*:*:*

OR cpe:/a:oracle:mysql:4.0.18:*:*:*:*:*:*:*

OR cpe:/a:oracle:mysql:4.0.20:*:*:*:*:*:*:*

OR cpe:/a:oracle:mysql:4.0.23:*:*:*:*:*:*:*

OR cpe:/a:oracle:mysql:4.0.0:*:*:*:*:*:*:*

OR cpe:/a:oracle:mysql:4.0.1:*:*:*:*:*:*:*

OR cpe:/a:oracle:mysql:4.0.10:*:*:*:*:*:*:*

OR cpe:/a:oracle:mysql:4.0.11:*:*:*:*:*:*:*

OR cpe:/a:oracle:mysql:4.0.11:gamma:*:*:*:*:*:*

OR cpe:/a:oracle:mysql:4.0.12:*:*:*:*:*:*:*

OR cpe:/a:oracle:mysql:4.0.13:*:*:*:*:*:*:*

OR cpe:/a:oracle:mysql:4.0.14:*:*:*:*:*:*:*

OR cpe:/a:oracle:mysql:4.0.15:*:*:*:*:*:*:*

OR cpe:/a:oracle:mysql:4.0.2:*:*:*:*:*:*:*

OR cpe:/a:oracle:mysql:4.0.21:*:*:*:*:*:*:*

OR cpe:/a:oracle:mysql:4.0.3:*:*:*:*:*:*:*

OR cpe:/a:oracle:mysql:4.0.4:*:*:*:*:*:*:*

OR cpe:/a:oracle:mysql:4.0.5:*:*:*:*:*:*:*

OR cpe:/a:oracle:mysql:4.0.5a:*:*:*:*:*:*:*

OR cpe:/a:oracle:mysql:4.0.6:*:*:*:*:*:*:*

OR cpe:/a:oracle:mysql:4.0.7:*:*:*:*:*:*:*

OR cpe:/a:oracle:mysql:4.0.7:gamma:*:*:*:*:*:*

OR cpe:/a:oracle:mysql:4.0.8:*:*:*:*:*:*:*

OR cpe:/a:oracle:mysql:4.0.8:gamma:*:*:*:*:*:*

OR cpe:/a:oracle:mysql:4.0.9:*:*:*:*:*:*:*

OR cpe:/a:oracle:mysql:4.0.9:gamma:*:*:*:*:*:*

OR cpe:/a:oracle:mysql:4.1.0:-:*:*:*:*:*:*

OR cpe:/a:oracle:mysql:4.1.2:alpha:*:*:*:*:*:*

OR cpe:/a:oracle:mysql:4.1.3:beta:*:*:*:*:*:*

OR cpe:/a:oracle:mysql:4.1.4:*:*:*:*:*:*:*

OR cpe:/a:oracle:mysql:4.1.5:*:*:*:*:*:*:*

AND

cpe:/o:debian:debian_linux:3.0:*:*:*:*:*:*:*

OR cpe:/a:openpkg:openpkg:current:*:*:*:*:*:*:*

OR cpe:/o:gentoo:linux:*:*:*:*:*:*:*:*

OR cpe:/o:suse:linux_enterprise_server:8:*:*:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:2.1:*:*:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:2.1:*:as:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:2.1:*:es:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:2.1:*:ws:*:*:*:*:*

OR cpe:/o:suse:suse_linux:8.2:*:*:*:*:*:*:*

OR cpe:/o:suse:suse_linux:9.0:*:*:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:3::ws:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:3::es:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:3::as:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux:10.0:*:*:*:*:*:*:*

OR cpe:/o:suse:suse_linux:9.1:*:*:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:3::desktop:*:*:*:*:*

OR cpe:/o:suse:suse_linux:9.2:*:*:*:*:*:*:*

OR cpe:/a:openpkg:openpkg:2.2:*:*:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux:10.1:*:*:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:3.0:*:*:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:4::as:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:4::desktop:*:*:*:*:*

OR cpe:/o:novell:linux_desktop:9:*:*:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:4::es:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:4::ws:*:*:*:*:*

OR cpe:/o:sun:solaris:10::sparc:*:*:*:*:*

OR cpe:/o:sun:solaris:10::x86:*:*:*:*:*

OR cpe:/o:redhat:linux_advanced_workstation:2.1::itanium:*:*:*:*:*

OR cpe:/a:redhat:rhel_extras:3:*:*:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux:10.1::x86-64:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:3.0::x86_64:*:*:*:*:*

OR cpe:/o:turbolinux:turbolinux:*:*:home:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux:10.0::amd64:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:2.1::x86_64:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:20050711	V	CVE-2005-0711	2015-11-16
oval:org.mitre.oval:def:9591	V	MySQL 4.0.23 and earlier, and 4.1.x up to 4.1.10, uses predictable file names when creating temporary tables, which allows local users with CREATE TEMPORARY TABLE privileges to overwrite arbitrary files via a symlink attack.	2013-04-29
oval:org.debian:def:707	V	several vulnerabilities	2005-04-13
oval:com.redhat.rhsa:def:20050334	P	RHSA-2005:334: mysql security update (Important)	2005-03-28