Debian 3.0: DSA 483-1 Critical MySQL File Overwrite Threat
debian
April 14, 2004
Two scripts contained in the package don't create temporary files in a secure fashion, which could lead to a root exploit.
Summary
Two vulnerabilities have been discovered in mysql, a common database
system. Two scripts contained in the package don't create temporary
files in a secure fashion. This could allow a local attacker to
overwrite files with the privileges of the user invoking the MySQL
server, which is often the root user. The Common Vulnerabilities and
Exposures identifies the following problems:
CAN-2004-0381
The script mysqlbug in MySQL allows local users to overwrite
arbitrary files via a symlink attack.
CAN-2004-0388
The script mysqld_multi in MySQL allows local users to overwrite
arbitrary files via a symlink attack.
For the stable distribution (woody) these problems have been fixed in
version 3.23.49-8.6.
For the unstable distribution (sid) these problems will be fixed in
version 4.0.18-6 of mysql-dfsg.
We recommend that you upgrade your mysql, mysql-dfsg and related
packages.
Upgrade Instructions
- --------------------
wget url
will fetch the file for you
dpkg -i file.deb
will inst...
PREVIOUS
NEXT
Severity
critical
Lowest
Low
Medium
High
Critical
Package: mysql
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!