Bug 152747 - CAN-2004-0388 CAN-2004-0381: mysql insecure temporary file creation
Status: CLOSED ERRATA
Product: Fedora Legacy
Classification: Retired
Component: Package request
Version: unspecified
Hardware: All Linux
Priority: medium
Severity: medium
Assigned To: Fedora Legacy Bugs
LEGACY, rh73, rh90
Reported: 2004-07-05 16:48 EDT by Marc Deslauriers
Modified: 2007-04-18 13:22 EDT (History)
Doc Type: Bug Fix
Last Closed: 2005-04-05 18:29:02 EDT


Description David Lawrence 2005-03-30 18:26:02 EST
CAN-2004-0388: The script mysqld_multi in MySQL allows local users
               to overwrite arbitrary files via a symlink attack.

CAN-2004-0381: The script mysqlbug in MySQL allows local users to
               overwrite arbitrary files via a symlink attack.

Info:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0388
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0381
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=119442
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=125991
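
The class of flaw named in the description, as an added example that is not taken from the MySQL scripts or from the Fedora Legacy patch: a shell script that writes to a predictable temporary path follows a symlink already present there, while noclobber and mktemp do not. The `report.tmp` and `victim` names and all function names are assumptions, and the sandbox is constructed in a private scratch directory.

```shell
#!/bin/sh
# Constructed sandbox demo; nothing outside a private scratch directory is touched.

# Scratch directory holding a "victim" file and a symlink already planted at
# the predictable temp name (hypothetical names, standing in for a shared /tmp).
make_sandbox() {
    box=$(mktemp -d) || return 1
    echo "important" > "$box/victim"
    ln -s "$box/victim" "$box/report.tmp"
    printf '%s\n' "$box"
}

# Unsafe: plain '>' opens the predictable path with O_CREAT|O_TRUNC and
# follows the symlink, so the link's target is truncated and rewritten.
write_unsafe() {
    echo "report data" > "$1"
}

# Hardened (a): with noclobber (set -C) the shell refuses '>' on a path that
# resolves to an existing regular file and creates new files exclusively.
write_noclobber() {
    ( set -C; echo "report data" > "$1" ) 2>/dev/null
}

# Hardened (b): mktemp picks an unpredictable name and creates the file
# exclusively with mode 0600; the created path is printed for the caller.
write_mktemp() {
    tmp=$(mktemp "$1/report.XXXXXX") || return 1
    echo "report data" > "$tmp"
    printf '%s\n' "$tmp"
}

demo() {
    box=$(make_sandbox) || return 1
    write_unsafe "$box/report.tmp"
    echo "after unsafe write:    victim = $(cat "$box/victim")"
    echo "important" > "$box/victim"          # restore for the hardened runs
    write_noclobber "$box/report.tmp" || echo "noclobber refused the planted path"
    tmp=$(write_mktemp "$box") && echo "mktemp created:        ${tmp##*/}"
    echo "after hardened writes: victim = $(cat "$box/victim")"
    rm -rf "$box"
}

demo
```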



------- Additional Comments From marcdeslauriers@videotron.ca 2004-07-06 14:02:44 ----

Here are mysql packages for 7.3 and 9:

Changelog:
* Tue Jul 06 2004 Marc Deslauriers <marcdeslauriers@videotron.ca> 3.23.58-1.73.1.legacy
- Added symlink patch to fix CAN-2004-0381 and CAN-2004-0388

http://www.infostrategique.com/linuxrpms/legacy/7.3/mysql-3.23.58-1.73.1.legacy.i386.rpm
http://www.infostrategique.com/linuxrpms/legacy/7.3/mysql-3.23.58-1.73.1.legacy.src.rpm
http://www.infostrategique.com/linuxrpms/legacy/7.3/mysql-devel-3.23.58-1.73.1.legacy.i386.rpm
http://www.infostrategique.com/linuxrpms/legacy/7.3/mysql-server-3.23.58-1.73.1.legacy.i386.rpm
http://www.infostrategique.com/linuxrpms/legacy/9/mysql-3.23.58-1.90.1.legacy.i386.rpm
http://www.infostrategique.com/linuxrpms/legacy/9/mysql-3.23.58-1.90.1.legacy.src.rpm
http://www.infostrategique.com/linuxrpms/legacy/9/mysql-devel-3.23.58-1.90.1.legacy.i386.rpm
http://www.infostrategique.com/linuxrpms/legacy/9/mysql-server-3.23.58-1.90.1.legacy.i386.rpm





------- Additional Comments From dwb7@ccmr.cornell.edu 2004-08-13 05:04:43 ----

Using:
8493bae60286e0bd83994948a71a37a7953d5727 *mysql-3.23.58-1.73.1.legacy.src.rpm

srpm builds ok
patch looks ok
binary build rpms install ok
mysql seems to function normally, so far.

PUBLISH

-DWB





------- Additional Comments From dom@earth.li 2004-09-07 14:10:06 ----

Superseded by bug 2006.



------- Additional Comments From marcdeslauriers@videotron.ca 2004-10-13 16:12:54 ----

This bug has been superseded by bug 2129



------- Additional Comments From marcdeslauriers@videotron.ca 2005-02-21 16:46:28 ----

Packages in bug 2129 were pushed to updates-testing.



------- Bug moved to this database by dkl@redhat.com 2005-03-30 18:26 -------

This bug previously known as bug 1832 at https://bugzilla.fedora.us/
https://bugzilla.fedora.us/show_bug.cgi?id=1832
Originally filed under the Fedora Legacy product and Package request component.

Unknown priority P2. Setting to default priority "normal".
Unknown platform PC. Setting to default platform "All".
Setting qa contact to the default for this product.
   This bug either had no qa contact or an invalid one.

Comment 1 Marc Deslauriers 2005-04-05 18:29:02 EDT
Updated packages were released for this issue.
