The mysqlhotcopy script in mysql 4.0.20 and earlier, when using the scp method from the mysql-server package, allows local users to overwrite arbitrary files via a symlink attack on temporary files. http://www.debian.org/security/2004/dsa-540 https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=130348 https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=130347 ------- Additional Comments From dom 2004-09-07 14:09:33 ---- See also bug 1832. ------- Additional Comments From marcdeslauriers 2004-09-10 10:18:23 ---- -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Here are updated packages to QA for rh73 and rh9: Changelog: * Fri Sep 10 2004 Marc Deslauriers <marcdeslauriers> 3.23.58-1.73.2.legacy - - Added mysqlhotcopy patch to fix CAN-2004-0457 7.3: 3c50c892ec2e74b14688e59e5cab59bf933fc63c mysql-3.23.58-1.73.2.legacy.i386.rpm eefa504de0a69f23ef02bb9ba0d8601f1cc62383 mysql-3.23.58-1.73.2.legacy.src.rpm 7771d51f74ca7be9855fbd0c0b9ab3e9e98b1c6c mysql-devel-3.23.58-1.73.2.legacy.i386.rpm ed0bd96169a17f6720fe154e543b9debcda87987 mysql-server-3.23.58-1.73.2.legacy.i386.rpm 9: 57db3de3ad34158e000a9c1d6ac4a5ddead7ec2e mysql-3.23.58-1.90.2.legacy.i386.rpm 199cf8e78a9ad7f08cfea9a335c703e267175202 mysql-3.23.58-1.90.2.legacy.src.rpm 27df78482183c40037f4706dd84ca0958b92e2f1 mysql-devel-3.23.58-1.90.2.legacy.i386.rpm 2d165a4e56f99e67d669da60556b9fb24e42072b mysql-server-3.23.58-1.90.2.legacy.i386.rpm http://www.infostrategique.com/linuxrpms/legacy/7.3/mysql-3.23.58-1.73.2.legacy.i386.rpm http://www.infostrategique.com/linuxrpms/legacy/7.3/mysql-3.23.58-1.73.2.legacy.src.rpm http://www.infostrategique.com/linuxrpms/legacy/7.3/mysql-devel-3.23.58-1.73.2.legacy.i386.rpm http://www.infostrategique.com/linuxrpms/legacy/7.3/mysql-server-3.23.58-1.73.2.legacy.i386.rpm http://www.infostrategique.com/linuxrpms/legacy/9/mysql-3.23.58-1.90.2.legacy.i386.rpm http://www.infostrategique.com/linuxrpms/legacy/9/mysql-3.23.58-1.90.2.legacy.src.rpm http://www.infostrategique.com/linuxrpms/legacy/9/mysql-devel-3.23.58-1.90.2.legacy.i386.rpm http://www.infostrategique.com/linuxrpms/legacy/9/mysql-server-3.23.58-1.90.2.legacy.i386.rpm -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (GNU/Linux) iD8DBQFBQgvvLMAs/0C4zNoRAkBkAJsG75moYTwgMqyP2Vur2YFTC9f5gwCgoe2w s9gvSIhsiUdpovU9eRKl9Ew= =gT/T -----END PGP SIGNATURE----- ------- Additional Comments From marcdeslauriers 2004-09-10 10:18:45 ---- This bug now obsoletes bug 1832 ------- Additional Comments From mule 2004-09-10 18:19:03 ---- -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 57db3de3ad34158e000a9c1d6ac4a5ddead7ec2e mysql-3.23.58-1.90.2.legacy.i386.rpm 199cf8e78a9ad7f08cfea9a335c703e267175202 mysql-3.23.58-1.90.2.legacy.src.rpm 27df78482183c40037f4706dd84ca0958b92e2f1 mysql-devel-3.23.58-1.90.2.legacy.i386.rpm 2d165a4e56f99e67d669da60556b9fb24e42072b mysql-server-3.23.58-1.90.2.legacy.i386.rpm For Red Hat 9: * Spec file looks ok * Checked patches for mysql-3.23.58-symlink.patch, mysql-3.23.58-mysqlhotcopy.patch - look ok * Builds from source * Installs ok * Runs ok However, is the 3.23.58-1.90.2 versioning correct? Otherwise, vote for PUBLISH -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (GNU/Linux) iD8DBQFBQnw5TsaUa9pp4VIRAlpjAJ9NYs5zSarsKc4B8z1VJLYKemZXYwCdGObr TQbNbEyyr95Ow9GrkLkfAcM= =2caO -----END PGP SIGNATURE----- ------- Additional Comments From marcdeslauriers 2005-02-21 16:47:01 ---- Packages in bug 2129 were pushed to updates-testing. ------- Bug moved to this database by dkl 2005-03-30 18:26 ------- This bug previously known as bug 2006 at https://bugzilla.fedora.us/ https://bugzilla.fedora.us/show_bug.cgi?id=2006 Originally filed under the Fedora Legacy product and Package request component. Unknown priority P2. Setting to default priority "normal". Unknown platform PC. Setting to default platform "All". Setting qa contact to the default for this product. This bug either had no qa contact or an invalid one.
Updated packages were released for this issue.