MySQL mysqlaccess script symlink attack
| mysql-mysqlaccess-symlink (18922) |  Medium Risk |
Description:
MySQL creates insecure temporary files. A local attacker could use this vulnerability to create symbolic links from a temporary file to overwrite arbitrary files on the system with user privileges.
Platforms Affected:
- Canonical, Ubuntu 4.10
- Debian, Debian Linux 3.0
- Gentoo, Linux
- MandrakeSoft, Mandrake Linux 10.0 AMD64
- MandrakeSoft, Mandrake Linux 10.0
- MandrakeSoft, Mandrake Linux 10.1
- MandrakeSoft, Mandrake Linux 10.1 X86_64
- MandrakeSoft, Mandrake Linux Corporate Server 2.1
- MandrakeSoft, Mandrake Linux Corporate Server 2.1 X86_64
- MandrakeSoft, Mandrake Linux Corporate Server 3.0 X86_64
- MandrakeSoft, Mandrake Linux Corporate Server 3.0
- MySQL, MySQL 3.23.49
- MySQL, MySQL 4.0.0
- MySQL, MySQL 4.0.1
- MySQL, MySQL 4.0.10
- MySQL, MySQL 4.0.11
- MySQL, MySQL 4.0.11 Gamma
- MySQL, MySQL 4.0.12
- MySQL, MySQL 4.0.13
- MySQL, MySQL 4.0.14
- MySQL, MySQL 4.0.15
- MySQL, MySQL 4.0.18
- MySQL, MySQL 4.0.2
- MySQL, MySQL 4.0.20
- MySQL, MySQL 4.0.21
- MySQL, MySQL 4.0.3
- MySQL, MySQL 4.0.4
- MySQL, MySQL 4.0.5
- MySQL, MySQL 4.0.5A
- MySQL, MySQL 4.0.6
- MySQL, MySQL 4.0.7
- MySQL, MySQL 4.0.7 Gamma
- MySQL, MySQL 4.0.8
- MySQL, MySQL 4.0.8 Gamma
- MySQL, MySQL 4.0.9
- MySQL, MySQL 4.0.9 Gamma
- MySQL, MySQL 4.1.0 Alpha
- MySQL, MySQL 4.1.0.0
- MySQL, MySQL 4.1.2 Alpha
- MySQL, MySQL 4.1.3 Beta
- MySQL, MySQL 4.1.3.0
- MySQL, MySQL 4.1.4
- MySQL, MySQL 4.1.5
- OpenPKG, OpenPKG 2.2
- OpenPKG, OpenPKG CURRENT
- Sun, Solaris 10 SPARC
- Sun, Solaris 10 x86
Remedy:
For Ubuntu Linux:
Upgrade to the latest mysql-dfsg package (4.0.20-2ubuntu1.2 or later), as listed in USN-63-1 January 18, 2005 for more information. See References.
For Debian GNU/Linux 3.0(woody):
Upgrade to the latest version of mysql (version 3.23.49-8.9 or later), as listed in DSA-647-1. See References.
For OpenPKG:
Upgrade to the latest mysql package, as listed in OpenPKG Security Advisory OpenPKG-SA-2005.006. See References.
OpenPKG CURRENT: 4.1.10a-20050311 or later
OpenPKG 2.2: 4.0.21-2.2.2 or later
For Gentoo Linux:
Refer to Gentoo Linux Security Announcement GLSA 2005-01-33 for patch, upgrade, or suggested workaround information. See References.
For other distributions:
Apply the appropriate update for your system. See References.
Consequences:
File Manipulation
References:
- MySQL Web site, MySQL:The World's Most Popular Open Source Database at http://www.mysql.com/.
- Sun Alert ID: 201658, Multiple Security Vulnerabilities in The MySQL Package at http://sunsolve.sun.com/search/document.do?assetkey=1-66-201658-1.
- BID-12277: MySQL Database MySQLAccess Local Insecure Temporary File Creation Vulnerability
- CVE-2005-0004: The mysqlaccess script in MySQL 4.0.23 and earlier, 4.1.x before 4.1.10, 5.0.x before 5.0.3, and other versions including 3.x, allows local users to overwrite arbitrary files or read temporary files via a symlink attack on temporary files.
- DSA-647: mysql -- insecure temporary files
- GLSA-200501-33: MySQL: Insecure temporary file creation
- MDKSA-2005:036: Updated MySQL packages fix temporary file vulnerability
- OpenPKG-SA-2005.006: MySQL
- SA13867: MySQL mysqlaccess Script Insecure Temporary File Creation
- USN-63-1: MySQL client vulnerability
Reported:
Jan 17, 2005
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
Copyright (c) 1994-2008 Internet Security Systems, Inc. All rights reserved worldwide.
For corrections or additions please email xforce@iss.net