mysqlbug script has temporary file vulnerability (uses /tmp) which
could allow an attacker to use a symlink attack to overwrite arbitrary
files as the person running mysqlbug.
Reported to bugtraq on Mar24th, minor issue to be fixed with next
Mark, you only marked CAN-2004-0381 for this bug, but the vulnerability
of CAN-2004-0388 is there, too.
Both CANs should be fixed with the patch from attachment #101129 [details]
*** Bug 125991 has been marked as a duplicate of this bug. ***
*** Bug 125992 has been marked as a duplicate of this bug. ***
Sorry Tom, for making that additional unnecessary work (for me and for
you), but it seems so, that there are multiple/different views how a
bug has to be marked in bugzilla for different distributions &
versions, but okay...the onliest I would be happy, is to have those 2
CANs fixed at all 4 currently supported distributions/versions at all
needed architectures (RHEL 2.1, 3 and FC 1, 2) ;-)
Most of your colleagues assign for each affected distribution version
a separate bug, so I followed this example - sorry again!
Reopening bug 125991; we usually do keep RHEL and FC separate; but not
split up the individual versions of RHEL/FC.
Fix is in mysql-3.23.58-2.2, slated for RHEL3 U4, and also in
3.23.58-11 and beyond for FC3.
An errata has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.