+++ This bug was initially created as a clone of Bug #150868 +++
Description of problem:
If an authenticated user has CREATE TEMPORARY TABLE privileges on any
existent database, a symlink attack is possible.
Reported to vulnwatch.org by Stefano Di Paola on 11 Mar 2005.
Version-Release number of selected component (if applicable):
Requires some luck to guess the name that will be used for the temp file,
but unfortunately that's fairly predictable.
Steps to Reproduce:
1. See vulnwatch report.
This is fixed in 4.1.10a, which we should upgrade to anyway as it
contains numerous other bug fixes.
This issue affects RHEL3 and RHEL2.1 (mysql3).
*** Bug 151681 has been marked as a duplicate of this bug. ***
*** Bug 151734 has been marked as a duplicate of this bug. ***
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.
The errata release is incomplete for RHEL-3, and does not include a patched
On RHEL3, mysql-server is part of "Extras", see bug 152437 for tracking.