Alerts This Week
Warning Icon 1 714
Alerts This Week
Warning Icon 1 714

Gentoo: GLSA-200405-20 Normal: MySQL Insecure Temporary File Creation

gentoo
Calendar Grey May 25, 2004
Dist Gentoo Esm H88
Mitigating the risks associated with insecure creation of temporary files in MySQL on Gentoo platforms, which could lead to critical data loss.
Two MySQL utilities create temporary files with hardcoded paths, allowing an attacker to use a symlink to trick MySQL into overwriting important data

Summary

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Gentoo Linux Security Advisory                           GLSA 200405-20
                                            https://security.gentoo.org/

  Severity: Normal
     Title: Insecure Temporary File Creation In MySQL
      Date: May 25, 2004
      Bugs: #46242
        ID: 200405-20


Synopsis
=======
Two MySQL utilities create temporary files with hardcoded paths,
allowing an attacker to use a symlink to trick MySQL into overwriting
important data.

Background
=========
MySQL is a popular open-source multi-threaded, multi-user SQL database
server.

Affected packages
================
    -------------------------------------------------------------------
     Package       /   Vulnerable   /                       Unaffected
    -------------------------------------------------------------------
  1  dev-db/mysql      < 4.0.18-r2                        >= 4.0.18-r2

==========
The MySQL bug reporting utility (mysqlbug) creates a temporary file...
Read the Full Advisory
Topics%20covered

Topics Covered

security advisory gentoo mysql local exploit insecure file creation data overwrite

Resolution

References

Availability

style>.gentoo_availability{display:block;}

Concerns

Topics%20covered

Topics Covered

security advisory gentoo mysql local exploit insecure file creation data overwrite

Synopsis

Background

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Affected Packages

Impact

Workaround

Your message here