MySQL 4.0.23 and earlier, and 4.1.x up to 4.1.10, uses predictable file names when creating temporary tables, which allows local users with CREATE TEMPORARY TABLE privileges to overwrite arbitrary files via a symlink attack.
archives.neohapsis.com/archives/vulnwatch/2005-q1/0082.html
lists.apple.com/archives/security-announce/2005//Aug/msg00001.html
lists.apple.com/archives/security-announce/2005/Aug/msg00000.html
sunsolve.sun.com/search/document.do?assetkey=1-26-101864-1
www.debian.org/security/2005/dsa-707
www.gentoo.org/security/en/glsa/glsa-200503-19.xml
www.mandriva.com/security/advisories?name=MDKSA-2005:060
www.novell.com/linux/security/advisories/2005_19_mysql.html
www.redhat.com/support/errata/RHSA-2005-334.html
www.redhat.com/support/errata/RHSA-2005-348.html
www.securityfocus.com/bid/12781
www.trustix.org/errata/2005/0009/
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9591
usn.ubuntu.com/96-1/