Red Hat Bugzilla – Bug 125991
CAN-2004-0388 and CAN-2004-0381: insecure temporary file creation
Last modified: 2013-07-02 23:01:47 EDT
Description of problem:
CAN-2004-0388: The script mysqld_multi in MySQL allows local users
to overwrite arbitrary files via a symlink attack.
CAN-2004-0381: The script mysqlbug in MySQL allows local users to
overwrite arbitrary files via a symlink attack.
Version-Release number of selected component (if applicable):
Patch/update (my patches are ported from Debian and Mandrake).
I only found CAN-2004-0381 (bug #119442) for RHEL3.
Created attachment 101129 [details]
*** This bug has been marked as a duplicate of 119442 ***
Reopening; we usually keep separate tracking bugs for FC and RHEL
since they run on different schedules for QA etc.
This bug is for FC1 and FC2 tracking
Fedora Core Development's -11 solves this issue. Does FC2 get an
It seems a sufficiently low-priority matter that I wasn't planning to
push out a separate update. I might get overruled on that though.
I'll close this bug, because:
- Fedora Core 2 got mysql-3.23.58-9.1
- Fedora Core 3 got mysql-3.23.58-14
- Red Hat Enterprise Linux 2.1 got mysql-3.23.58-1.72.1
- Red Hat Enterprise Linux 3 got mysql-3.23.58-2.3
this issue should be solved in any active supported distribution.