(Mandrake Issues Fix) MySQL 'mysqlbug' Temporary File Flaw Lets Local Users Overwrite Files
|
|
SecurityTracker Alert ID: 1009879 |
|
SecurityTracker URL: http://securitytracker.com/id/1009879
|
|
CVE Reference:
CAN-2004-0381
(Links to External Site)
|
Date: Apr 20 2004
|
Impact:
Modification of system information, Modification of user information, Root access via local system, User access via local system
|
Fix Available: Yes Vendor Confirmed: Yes
|
Version(s): 4.0.18 and prior versions
|
Description:
A vulnerability was reported in MySQL in the 'mysqlbug' component. A local user can overwrite files on the target system.
Shaun Colley reported that when a user runs 'mysqlbug' and then exits the text editor without modifying the bug report, a temporary file ('/tmp/failed-mysql-bugreport') is created in an unsafe manner. A local user can create a symbolic link (symlink) from a critical file on the system to this temporary file. Then, when the error condition is triggered by a target user, the symlinked file will be overwritten with the privileges of the target user.
A local user may be able to gain elevated privileges on the target system.
|
Impact:
A local user can cause files to be overwritten with the privileges of the target user. A local user may be able to gain elevated privileges on the target system.
|
Solution:
Mandrake has released a fix.
Mandrakelinux 10.0:
d1a9cc7377fb76d8efb792f78890ca67 10.0/RPMS/libmysql12-4.0.18-1.1.100mdk.i586.rpm
ad512544a05b95fac5ccdcdb770adbf6 10.0/RPMS/libmysql12-devel-4.0.18-1.1.100mdk.i586.rpm
df1bb8fab4d5cee5b0965afbe7eeff1d 10.0/RPMS/MySQL-4.0.18-1.1.100mdk.i586.rpm
94e8d5d4313de5dcbffa65de1271b68f 10.0/RPMS/MySQL-Max-4.0.18-1.1.100mdk.i586.rpm
cfc0586f2d3627efa53310d50486eafb 10.0/RPMS/MySQL-bench-4.0.18-1.1.100mdk.i586.rpm
bb91503c579f0e43d844fb9d82933052 10.0/RPMS/MySQL-client-4.0.18-1.1.100mdk.i586.rpm
c74ab4f5627f00e5f580c7cfd1a50f83 10.0/RPMS/MySQL-common-4.0.18-1.1.100mdk.i586.rpm
7d2a9a655e15b264611d8dd61a41cc68 10.0/SRPMS/MySQL-4.0.18-1.1.100mdk.src.rpm
Corporate Server 2.1:
196c8c4ff065846e81a5e734de3fa67c corporate/2.1/RPMS/libmysql10-3.23.56-1.5.C21mdk.i586.rpm
cab34d2f0bfdb10e9280cd3712fe1b64 corporate/2.1/RPMS/libmysql10-devel-3.23.56-1.5.C21mdk.i586.rpm
1e3d0af27128254f244e2c5d510a3587 corporate/2.1/RPMS/MySQL-3.23.56-1.5.C21mdk.i586.rpm
a364703328b06ed0ab86685b0d868dd3 corporate/2.1/RPMS/MySQL-Max-3.23.56-1.5.C21mdk.i586.rpm
21a1663fc333cd7dfc8a848cd4902f52 corporate/2.1/RPMS/MySQL-bench-3.23.56-1.5.C21mdk.i586.rpm
6345aa681b10768ceba5173eb5b06009 corporate/2.1/RPMS/MySQL-client-3.23.56-1.5.C21mdk.i586.rpm
64f44e65bc1a7946490ac8f8a39b5878 corporate/2.1/SRPMS/MySQL-3.23.56-1.5.C21mdk.src.rpm
Corporate Server 2.1/x86_64:
d644c0e26335e44b1723c867fcb93e1d x86_64/corporate/2.1/RPMS/libmysql10-3.23.56-1.5.C21mdk.x86_64.rpm
ba290ee12906423085bb64442938082c x86_64/corporate/2.1/RPMS/libmysql10-devel-3.23.56-1.5.C21mdk.x86_64.rpm
8a46947c51f3e6f871a7b66ec8d78170 x86_64/corporate/2.1/RPMS/MySQL-3.23.56-1.5.C21mdk.x86_64.rpm
ff382d6baa61f6e15b007529190e88b4 x86_64/corporate/2.1/RPMS/MySQL-Max-3.23.56-1.5.C21mdk.x86_64.rpm
271cbb0850f12b123d9388841d123dc0 x86_64/corporate/2.1/RPMS/MySQL-bench-3.23.56-1.5.C21mdk.x86_64.rpm
e1ade4431cfb0db410bf668661e9cab4 x86_64/corporate/2.1/RPMS/MySQL-client-3.23.56-1.5.C21mdk.x86_64.rpm
64f44e65bc1a7946490ac8f8a39b5878 x86_64/corporate/2.1/SRPMS/MySQL-3.23.56-1.5.C21mdk.src.rpm
Mandrakelinux 9.1:
84b5e29c73ca4c6a9312cea861844cee 9.1/RPMS/libmysql12-4.0.11a-5.2.91mdk.i586.rpm
da8a3eeef553a51314b2dbd2d838de28 9.1/RPMS/libmysql12-devel-4.0.11a-5.2.91mdk.i586.rpm
c778e675dd5e89bf777dbdc7056e46a5 9.1/RPMS/MySQL-4.0.11a-5.2.91mdk.i586.rpm
5a7742f1ee210b160e8b9b11988c41f6 9.1/RPMS/MySQL-Max-4.0.11a-5.2.91mdk.i586.rpm
3ab9d2ecbbaa73a6e3dabcacb7ce7eb2 9.1/RPMS/MySQL-bench-4.0.11a-5.2.91mdk.i586.rpm
53132555ed6d6ec59a0634b1da46da4e 9.1/RPMS/MySQL-client-4.0.11a-5.2.91mdk.i586.rpm
743eb098d8ca52f237273556e034132d 9.1/RPMS/MySQL-common-4.0.11a-5.2.91mdk.i586.rpm
da5d057b05fd09f04a81d377c4a89cae 9.1/SRPMS/MySQL-4.0.11a-5.2.91mdk.src.rpm
Mandrakelinux 9.1/PPC:
8505e7a05978f637d0786ab352312878 ppc/9.1/RPMS/libmysql12-4.0.11a-5.2.91mdk.ppc.rpm
7496a584ade59c7e389335328db20853 ppc/9.1/RPMS/libmysql12-devel-4.0.11a-5.2.91mdk.ppc.rpm
943fc9895d394ca4ff3f5f21f4b46a85 ppc/9.1/RPMS/MySQL-4.0.11a-5.2.91mdk.ppc.rpm
df459fce0474aed6d0ba9e2b34fea3a5 ppc/9.1/RPMS/MySQL-Max-4.0.11a-5.2.91mdk.ppc.rpm
e1901d38eb68203218b47fbfa08c1806 ppc/9.1/RPMS/MySQL-bench-4.0.11a-5.2.91mdk.ppc.rpm
a14e0d0c74c182c9ce6fcaf879c18539 ppc/9.1/RPMS/MySQL-client-4.0.11a-5.2.91mdk.ppc.rpm
2c52ddb4e7918698e8a4e278d4f2aca3 ppc/9.1/RPMS/MySQL-common-4.0.11a-5.2.91mdk.ppc.rpm
da5d057b05fd09f04a81d377c4a89cae ppc/9.1/SRPMS/MySQL-4.0.11a-5.2.91mdk.src.rpm
Mandrakelinux 9.2:
96dfe33caef2b9435ad021f1a806a7d6 9.2/RPMS/libmysql12-4.0.15-1.1.92mdk.i586.rpm
61df7fe813aa3ee63810f6609a630f12 9.2/RPMS/libmysql12-devel-4.0.15-1.1.92mdk.i586.rpm
9c24bd6c3ebb4f1be6730c702d64f146 9.2/RPMS/MySQL-4.0.15-1.1.92mdk.i586.rpm
8acf113f397ffedf131b185fbebada9a 9.2/RPMS/MySQL-Max-4.0.15-1.1.92mdk.i586.rpm
29be93a8eee6cd517043068f1abd3100 9.2/RPMS/MySQL-bench-4.0.15-1.1.92mdk.i586.rpm
40c98038ec3188bcd13b12737394ea21 9.2/RPMS/MySQL-client-4.0.15-1.1.92mdk.i586.rpm
bbf926f51acd0555e31d972f92cad773 9.2/RPMS/MySQL-common-4.0.15-1.1.92mdk.i586.rpm
a2266d0dce39d9e58f4daac6ce1dd3c0 9.2/SRPMS/MySQL-4.0.15-1.1.92mdk.src.rpm
Mandrakelinux 9.2/AMD64:
bc27661060d3658e672bf8263a80974a amd64/9.2/RPMS/MySQL-4.0.15-1.1.92mdk.amd64.rpm
b4c71af172961e6c598bceaf72173607 amd64/9.2/RPMS/MySQL-Max-4.0.15-1.1.92mdk.amd64.rpm
c0a53126cc219f54f9ee6d433ab7a0df amd64/9.2/RPMS/MySQL-bench-4.0.15-1.1.92mdk.amd64.rpm
df28d41acd37b15ded63ecc26b84610f amd64/9.2/RPMS/MySQL-client-4.0.15-1.1.92mdk.amd64.rpm
fe3e598e35fd1f3e1c22c3ec231d9164 amd64/9.2/RPMS/MySQL-common-4.0.15-1.1.92mdk.amd64.rpm
a2266d0dce39d9e58f4daac6ce1dd3c0 amd64/9.2/SRPMS/MySQL-4.0.15-1.1.92mdk.src.rpm
|
Vendor URL: www.mysql.com/ (Links to External Site)
|
Cause:
Access control error, State error
|
Underlying OS:
Linux (Mandriva/Mandrake)
|
|
Message History:
This archive entry is a follow-up to the message listed below.
|
Source Message Contents
|
Date: 19 Apr 2004 23:50:34 -0000
Subject: MDKSA-2004:034 - Updated MySQL packages fix temporary file insecurities
|
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandrakelinux Security Update Advisory
_______________________________________________________________________
Package name: MySQL
Advisory ID: MDKSA-2004:034
Date: April 19th, 2004
Affected versions: 10.0, 9.1, 9.2, Corporate Server 2.1
______________________________________________________________________
Problem Description:
Shaun Colley discovered that two scripts distributed with MySQL, the
'mysqld_multi' and 'mysqlbug' scripts, did not create temporary files
in a secure fashion. An attacker could create symbolic links in /tmp
that could allow for overwriting of files with the privileges of the
user running the scripts.
The scripts have been patched in the updated packages to prevent this
behaviour.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0381
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0388
______________________________________________________________________
Updated Packages:
Mandrakelinux 10.0:
d1a9cc7377fb76d8efb792f78890ca67 10.0/RPMS/libmysql12-4.0.18-1.1.100mdk.i586.rpm
ad512544a05b95fac5ccdcdb770adbf6 10.0/RPMS/libmysql12-devel-4.0.18-1.1.100mdk.i586.rpm
df1bb8fab4d5cee5b0965afbe7eeff1d 10.0/RPMS/MySQL-4.0.18-1.1.100mdk.i586.rpm
94e8d5d4313de5dcbffa65de1271b68f 10.0/RPMS/MySQL-Max-4.0.18-1.1.100mdk.i586.rpm
cfc0586f2d3627efa53310d50486eafb 10.0/RPMS/MySQL-bench-4.0.18-1.1.100mdk.i586.rpm
bb91503c579f0e43d844fb9d82933052 10.0/RPMS/MySQL-client-4.0.18-1.1.100mdk.i586.rpm
c74ab4f5627f00e5f580c7cfd1a50f83 10.0/RPMS/MySQL-common-4.0.18-1.1.100mdk.i586.rpm
7d2a9a655e15b264611d8dd61a41cc68 10.0/SRPMS/MySQL-4.0.18-1.1.100mdk.src.rpm
Corporate Server 2.1:
196c8c4ff065846e81a5e734de3fa67c corporate/2.1/RPMS/libmysql10-3.23.56-1.5.C21mdk.i586.rpm
cab34d2f0bfdb10e9280cd3712fe1b64 corporate/2.1/RPMS/libmysql10-devel-3.23.56-1.5.C21mdk.i586.rpm
1e3d0af27128254f244e2c5d510a3587 corporate/2.1/RPMS/MySQL-3.23.56-1.5.C21mdk.i586.rpm
a364703328b06ed0ab86685b0d868dd3 corporate/2.1/RPMS/MySQL-Max-3.23.56-1.5.C21mdk.i586.rpm
21a1663fc333cd7dfc8a848cd4902f52 corporate/2.1/RPMS/MySQL-bench-3.23.56-1.5.C21mdk.i586.rpm
6345aa681b10768ceba5173eb5b06009 corporate/2.1/RPMS/MySQL-client-3.23.56-1.5.C21mdk.i586.rpm
64f44e65bc1a7946490ac8f8a39b5878 corporate/2.1/SRPMS/MySQL-3.23.56-1.5.C21mdk.src.rpm
Corporate Server 2.1/x86_64:
d644c0e26335e44b1723c867fcb93e1d x86_64/corporate/2.1/RPMS/libmysql10-3.23.56-1.5.C21mdk.x86_64.rpm
ba290ee12906423085bb64442938082c x86_64/corporate/2.1/RPMS/libmysql10-devel-3.23.56-1.5.C21mdk.x86_64.rpm
8a46947c51f3e6f871a7b66ec8d78170 x86_64/corporate/2.1/RPMS/MySQL-3.23.56-1.5.C21mdk.x86_64.rpm
ff382d6baa61f6e15b007529190e88b4 x86_64/corporate/2.1/RPMS/MySQL-Max-3.23.56-1.5.C21mdk.x86_64.rpm
271cbb0850f12b123d9388841d123dc0 x86_64/corporate/2.1/RPMS/MySQL-bench-3.23.56-1.5.C21mdk.x86_64.rpm
e1ade4431cfb0db410bf668661e9cab4 x86_64/corporate/2.1/RPMS/MySQL-client-3.23.56-1.5.C21mdk.x86_64.rpm
64f44e65bc1a7946490ac8f8a39b5878 x86_64/corporate/2.1/SRPMS/MySQL-3.23.56-1.5.C21mdk.src.rpm
Mandrakelinux 9.1:
84b5e29c73ca4c6a9312cea861844cee 9.1/RPMS/libmysql12-4.0.11a-5.2.91mdk.i586.rpm
da8a3eeef553a51314b2dbd2d838de28 9.1/RPMS/libmysql12-devel-4.0.11a-5.2.91mdk.i586.rpm
c778e675dd5e89bf777dbdc7056e46a5 9.1/RPMS/MySQL-4.0.11a-5.2.91mdk.i586.rpm
5a7742f1ee210b160e8b9b11988c41f6 9.1/RPMS/MySQL-Max-4.0.11a-5.2.91mdk.i586.rpm
3ab9d2ecbbaa73a6e3dabcacb7ce7eb2 9.1/RPMS/MySQL-bench-4.0.11a-5.2.91mdk.i586.rpm
53132555ed6d6ec59a0634b1da46da4e 9.1/RPMS/MySQL-client-4.0.11a-5.2.91mdk.i586.rpm
743eb098d8ca52f237273556e034132d 9.1/RPMS/MySQL-common-4.0.11a-5.2.91mdk.i586.rpm
da5d057b05fd09f04a81d377c4a89cae 9.1/SRPMS/MySQL-4.0.11a-5.2.91mdk.src.rpm
Mandrakelinux 9.1/PPC:
8505e7a05978f637d0786ab352312878 ppc/9.1/RPMS/libmysql12-4.0.11a-5.2.91mdk.ppc.rpm
7496a584ade59c7e389335328db20853 ppc/9.1/RPMS/libmysql12-devel-4.0.11a-5.2.91mdk.ppc.rpm
943fc9895d394ca4ff3f5f21f4b46a85 ppc/9.1/RPMS/MySQL-4.0.11a-5.2.91mdk.ppc.rpm
df459fce0474aed6d0ba9e2b34fea3a5 ppc/9.1/RPMS/MySQL-Max-4.0.11a-5.2.91mdk.ppc.rpm
e1901d38eb68203218b47fbfa08c1806 ppc/9.1/RPMS/MySQL-bench-4.0.11a-5.2.91mdk.ppc.rpm
a14e0d0c74c182c9ce6fcaf879c18539 ppc/9.1/RPMS/MySQL-client-4.0.11a-5.2.91mdk.ppc.rpm
2c52ddb4e7918698e8a4e278d4f2aca3 ppc/9.1/RPMS/MySQL-common-4.0.11a-5.2.91mdk.ppc.rpm
da5d057b05fd09f04a81d377c4a89cae ppc/9.1/SRPMS/MySQL-4.0.11a-5.2.91mdk.src.rpm
Mandrakelinux 9.2:
96dfe33caef2b9435ad021f1a806a7d6 9.2/RPMS/libmysql12-4.0.15-1.1.92mdk.i586.rpm
61df7fe813aa3ee63810f6609a630f12 9.2/RPMS/libmysql12-devel-4.0.15-1.1.92mdk.i586.rpm
9c24bd6c3ebb4f1be6730c702d64f146 9.2/RPMS/MySQL-4.0.15-1.1.92mdk.i586.rpm
8acf113f397ffedf131b185fbebada9a 9.2/RPMS/MySQL-Max-4.0.15-1.1.92mdk.i586.rpm
29be93a8eee6cd517043068f1abd3100 9.2/RPMS/MySQL-bench-4.0.15-1.1.92mdk.i586.rpm
40c98038ec3188bcd13b12737394ea21 9.2/RPMS/MySQL-client-4.0.15-1.1.92mdk.i586.rpm
bbf926f51acd0555e31d972f92cad773 9.2/RPMS/MySQL-common-4.0.15-1.1.92mdk.i586.rpm
a2266d0dce39d9e58f4daac6ce1dd3c0 9.2/SRPMS/MySQL-4.0.15-1.1.92mdk.src.rpm
Mandrakelinux 9.2/AMD64:
bc27661060d3658e672bf8263a80974a amd64/9.2/RPMS/MySQL-4.0.15-1.1.92mdk.amd64.rpm
b4c71af172961e6c598bceaf72173607 amd64/9.2/RPMS/MySQL-Max-4.0.15-1.1.92mdk.amd64.rpm
c0a53126cc219f54f9ee6d433ab7a0df amd64/9.2/RPMS/MySQL-bench-4.0.15-1.1.92mdk.amd64.rpm
df28d41acd37b15ded63ecc26b84610f amd64/9.2/RPMS/MySQL-client-4.0.15-1.1.92mdk.amd64.rpm
fe3e598e35fd1f3e1c22c3ec231d9164 amd64/9.2/RPMS/MySQL-common-4.0.15-1.1.92mdk.amd64.rpm
a2266d0dce39d9e58f4daac6ce1dd3c0 amd64/9.2/SRPMS/MySQL-4.0.15-1.1.92mdk.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
A list of FTP mirrors can be obtained from:
http://www.mandrakesecure.net/en/ftp.php
All packages are signed by Mandrakesoft for security. You can obtain
the GPG public key of the Mandrakelinux Security Team by executing:
gpg --recv-keys --keyserver www.mandrakesecure.net 0x22458A98
Please be aware that sometimes it takes the mirrors a few hours to
update.
You can view other update advisories for Mandrakelinux at:
http://www.mandrakesecure.net/en/advisories/
Mandrakesoft has several security-related mailing list services that
anyone can subscribe to. Information on these lists can be obtained by
visiting:
http://www.mandrakesecure.net/en/mlist.php
If you want to report vulnerabilities, please contact
security_linux-mandrake.com
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Linux Mandrake Security Team
<security linux-mandrake.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)
iD8DBQFAhGXKmqjQ0CJFipgRAvSrAKD0EllzTYKyrtESm7kdIKpIuurBSACeNNWb
D4fH8zFZOCrwzwGUUwfDBGs=
=/aT9
-----END PGP SIGNATURE-----
|
|
