125991 – CAN-2004-0388 and CAN-2004-0381: insecure temporary file creation

Bug 125991 - CAN-2004-0388 and CAN-2004-0381: insecure temporary file creation

Summary: CAN-2004-0388 and CAN-2004-0381: insecure temporary file creation

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	mysql
Sub Component:
Version:	2
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Tom Lane
QA Contact:	David Lawrence
Docs Contact:
URL:	http://www.debian.org/security/2004/d...
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2004-06-14 22:12 UTC by Robert Scheck
Modified:	2013-07-03 03:01 UTC (History)
CC List:	1 user (show)
Fixed In Version:	3.23.58-9.1
Clone Of:
Environment:
Last Closed:	2005-01-30 23:48:17 UTC
Type:	---
Embargoed:
Dependent Products:

Attachments	(Terms of Use)
mysql-3.23.58-symlink.patch (1.34 KB, patch) 2004-06-14 22:13 UTC, Robert Scheck	no flags	Details \| Diff
View All

Description Robert Scheck 2004-06-14 22:12:53 UTC

Description of problem:
CAN-2004-0388: The script mysqld_multi in MySQL allows local users
               to overwrite arbitrary files via a symlink attack.

CAN-2004-0381: The script mysqlbug in MySQL allows local users to
               overwrite arbitrary files via a symlink attack.

Version-Release number of selected component (if applicable):
mysql-3.23.58-9

Expected results:
Patch/update (my patches are ported from Debian and Mandrake).

Additional info:
I only found CAN-2004-0381 (bug #119442) for RHEL3.

Comment 1 Robert Scheck 2004-06-14 22:13:32 UTC

Created attachment 101129 [details]
mysql-3.23.58-symlink.patch

Comment 2 Tom Lane 2004-06-15 19:30:59 UTC


*** This bug has been marked as a duplicate of 119442 ***

Comment 3 Mark J. Cox 2004-06-16 13:42:21 UTC

Reopening; we usually keep separate tracking bugs for FC and RHEL
since they run on different schedules for QA etc.  

This bug is for FC1 and FC2 tracking

Comment 4 Robert Scheck 2004-10-06 15:07:10 UTC

Fedora Core Development's -11 solves this issue. Does FC2 get an 
update?

Comment 5 Tom Lane 2004-10-06 22:22:23 UTC

It seems a sufficiently low-priority matter that I wasn't planning to
push out a separate update.  I might get overruled on that though.

Comment 6 Robert Scheck 2005-01-30 23:48:17 UTC

I'll close this bug, because:
- Fedora Core 2 got mysql-3.23.58-9.1
- Fedora Core 3 got mysql-3.23.58-14
- Red Hat Enterprise Linux 2.1 got mysql-3.23.58-1.72.1
- Red Hat Enterprise Linux 3 got mysql-3.23.58-2.3
this issue should be solved in any active supported distribution.

Note You need to log in before you can comment on or make changes to this bug.