(Sun Issues Fix) MySQL CREATE TEMPORARY TABLE Uses Predictable Temporary Files That May Let Users Gain Elevated Privileges - SecurityTracker

	Keep Track of the Latest Vulnerabilities with SecurityTracker!

Home | View Topics | Search | Contact Us |

SecurityTracker
Archives

Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary

Instant Alerts

Buy our Premium Vulnerability Notification Service to receive customized, instant alerts

Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!

Become a Partner and License Our Database or Notification Service

Report a Bug

Report a vulnerability that you have found to SecurityTracker
bugs
@
securitytracker.com

Category: Application (Database) > MySQL

Vendors: MySQL.com

(Sun Issues Fix) MySQL CREATE TEMPORARY TABLE Uses Predictable Temporary Files That May Let Users Gain Elevated Privileges

SecurityTracker Alert ID: 1014667

SecurityTracker URL: http://securitytracker.com/id/1014667

CVE Reference: CAN-2005-0711 (Links to External Site)

Date: Aug 13 2005

Impact: Modification of system information, Modification of user information

Fix Available: Yes Vendor Confirmed: Yes

Version(s): prior to 4.0.24 and 4.1.10a

Description: A vulnerability was reported in MySQL in the use of temporary files with the CREATE TEMPORARY TABLE function. A local user with database access privileges may be able to gain elevated privileges within the database.

The function uses a predictable filename when creating temporary files for use by temporary tables.

A local user can create a symbolic link (symlink) from another database file on the system to a temporary file to be used by MySQL. Then, the local user can authenticate to the database and create a temporary table (that will use the symlinked file). The authenticated user may then be able to gain elevated privileges within the database application.

Stefano Di Paola of wisec.it reported this vulnerability.

Impact: A local user with database access privileges may be able to gain elevated privileges within the database.

Solution: Sun has issued the following fixes.

SPARC Platform

* Solaris 10 with patch 120292-01 or later

x86 Platform

* Solaris 10 with patch 120293-01 or later

Vendor URL: sunsolve.sun.com/search/document.do?assetkey=1-26-101864-1 (Links to External Site)

Cause: Access control error, State error

Underlying OS: UNIX (Solaris - SunOS)

Message History: This archive entry is a follow-up to the message listed below.

MySQL CREATE TEMPORARY TABLE Uses Predictable Temporary Files That May Let Users Gain Elevated Privileges

Source Message Contents

Date: Sat, 13 Aug 2005 00:54:53 -0400
Subject: http://sunsolve.sun.com/search/document.do?assetkey=1-26-101864-1



# Sun Alert ID: 101864
# Synopsis: Multiple Security Vulnerabilities in The "MySQL" Package
# Category: Security
#
Product: Solaris 10 Operating System
# BugIDs: 6258187
# Avoidance: Patch
# State: Resolved
# Date Released: 11-Aug-2005
# Date Closed: 11-Aug-2005
# Date Modified:

CVE: CAN-2004-0835, CAN-2004-0837, CAN-2005-0004, CAN-2005-0709, CAN-2005-0710, 
CAN-2005-0711

Go to the Top of This SecurityTracker Archive Page

Home | View Topics | Search | Contact Us
Copyright 2013, SecurityGlobal.net LLC