Bug 543653 (CVE-2009-4030)
| Summary: | CVE-2009-4030 mysql: Incomplete fix for CVE-2008-2079 / CVE-2008-4098 | ||
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | Jan Lieskovsky <jlieskov> |
| Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
| Status: | CLOSED ERRATA | QA Contact: | |
| Severity: | low | Docs Contact: | |
| Priority: | low | ||
| Version: | unspecified | CC: | kreilly, kvolny, squoggle, tgl |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| URL: | http://lists.mysql.com/commits/52326 | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | Bug Fix | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2010-02-17 09:56:27 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | 512255, 512257, 549329, 556505, 556506, 833941 | ||
| Bug Blocks: | |||
|
Description
Jan Lieskovsky
2009-12-02 19:21:25 UTC
This issue does NOT affect the version of mysql package, as shipped with Red Hat Enteprise Linux 3. This issue affects the version of mysql package, as shipped with Red Hat Enterprise Linux 4. This issue does NOT affect the version of mysql package, as shipped with Red Hat Enteprise Linux 5. Update: Red Hat Enteprise Linux 5 is affected too, see comment #4 below. As far as I can tell, this problem can only occur when mysqld is started with relative path as an argument to --datadir, but not starting with the '.'. If datadir relative path starts with the '.', it is expected to be treated as relative to current working directory. If it does not, it's treated as relative to --basedir directory ("/usr" by default RHEL / Fedora packages). In such case DATA/INDEX DIRECTORY argument will be compared to "CWD/datadir_path" instead of the intended "basedir_path/datadir_path", resulting in a not working protection.
By default, mysqld is started with --basedir=/usr and --datadir=/var/lib/mysql . It is unlikely to be changed to --datadir=relative_path_not_starting_with_dot given the basedir default. Hence it's limited to certain non-default and rather unlikely setups.
(In reply to comment #1)
> This issue affects the version of mysql package, as shipped with
> Red Hat Enterprise Linux 4.
>
> This issue does NOT affect the version of mysql package, as shipped with
> Red Hat Enteprise Linux 5.
This info is not correct, problem exists in the latest Red Hat Enterprise Linux 5 MySQL packages (mysql-5.0.77-3.el5) too.
The patch is committed in upstream 5.1 bazaar branch: http://bazaar.launchpad.net/~mysql/mysql-server/mysql-5.1/revision/1810.3967.4 but *not* included in 5.1.41 tarballs. Will there be a fix for Red Hat Enterprise Linux 4 & 5? Fix may appear in the future updates. As explained above, this has no impact on the default or typical configuration, only unlikely setups are affected. If you don't need to use symlinks, you can configure MySQL to not create them using skip-symbolic-links. This issue has been addressed in following products: Red Hat Enterprise Linux 5 Via RHSA-2010:0109 https://rhn.redhat.com/errata/RHSA-2010-0109.html This issue has been addressed in following products: Red Hat Enterprise Linux 4 Via RHSA-2010:0110 https://rhn.redhat.com/errata/RHSA-2010-0110.html |