Red Hat Bugzilla – Bug 553648
CVE-2010-1626 mysql: table destruction via DATA/INDEX DIRECTORY directives using symlinks
Last modified: 2012-06-20 10:24:20 EDT
Ingo Strüwing reported another problem related to CVE-2008-2079 / CVE-2008-4098. A user with with privileges to CREATE / DROP tables in some MySQL database with shell access to the database server can remove data file for other tables using MyISAM storage engine, even in different databases.
Issue was first mentioned in upstream bug:
Issue is tracked upstream via (previously public, but currently restricted) bug:
Problem has not upstream fix yet.
More details can be found in:
Disable use of table symbolic links in setups where (untrusted) database users with CREATE / DROP TABLE privileges also have a shell access to the database server. This can be achieved by adding 'symbolic-links=0' or 'skip-symbolic-links' to '[mysqld]' section of the my.cnf configuration file. See MySQL reference manual for further details:
This was added as a default for future Fedora and RHEL versions (bug #553652).
Fixed upstream in 5.1.46:
via following commit:
mysql-5.1.46-1.fc11 has been submitted as an update for Fedora 11.
mysql-5.1.46-1.fc12 has been submitted as an update for Fedora 12.
mysql-5.1.46-1.fc13 has been submitted as an update for Fedora 13.
mysql-5.1.46-1.fc13 has been pushed to the Fedora 13 stable repository. If problems still persist, please make note of it in this bug report.
mysql-5.1.46-1.fc11 has been pushed to the Fedora 11 stable repository. If problems still persist, please make note of it in this bug report.
mysql-5.1.46-1.fc12 has been pushed to the Fedora 12 stable repository. If problems still persist, please make note of it in this bug report.
Created attachment 415408 [details]
Patch backported to 5.0.77, EL5
This issue has been addressed in following products:
Red Hat Enterprise Linux 5
Via RHSA-2010:0442 https://rhn.redhat.com/errata/RHSA-2010-0442.html