Bugzilla – Attachment 25268 Details for
Bug 62135
VUL-0: CVE-2004-0957: several mysql bugs
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
IDP Log In
|
Forgot Password
mysql-3.23.58-symlink.patch
mysql-3.23.58-symlink.patch (text/x-diff), 1.34 KB, created by
Ludwig Nussel
on 2004-10-21 20:49:00 UTC
(
hide
)
Description:
mysql-3.23.58-symlink.patch
Filename:
MIME Type:
Creator:
Ludwig Nussel
Created:
2004-10-21 20:49:00 UTC
Size:
1.34 KB
patch
obsolete
>This patch fixes CAN-2004-0388 and CAN-2004-0381 > >CAN-2004-0388: The script mysqld_multi in MySQL allows local users > to overwrite arbitrary files via a symlink attack. > >CAN-2004-0381: The script mysqlbug in MySQL allows local users to > overwrite arbitrary files via a symlink attack. > >Adapted for MySQL >= 3.23.58 by Robert Scheck <redhat@linuxnetz.de> > >--- mysql-3.23.58/scripts/mysqld_multi.sh 2003-09-11 13:49:22.000000000 +0200 >+++ mysql-3.23.58/scripts/mysqld_multi.sh.symlink 2004-06-14 23:50:33.000000000 +0200 >@@ -9,7 +9,7 @@ > $opt_config_file = undef(); > $opt_example = 0; > $opt_help = 0; >-$opt_log = "/tmp/mysqld_multi.log"; >+$opt_log = "$ENV{HOME}/mysqld_multi.log"; > $opt_mysqladmin = "@bindir@/mysqladmin"; > $opt_mysqld = "@libexecdir@/mysqld"; > $opt_no_log = 0; >--- mysql-3.23.58/scripts/mysqlbug.sh 2003-09-11 13:49:21.000000000 +0200 >+++ mysql-3.23.58/scripts/mysqlbug.sh.symlink 2004-06-15 00:05:54.000000000 +0200 >@@ -252,7 +252,7 @@ > if cmp -s $TEMP $TEMP.x > then > echo "File not changed, no bug report submitted." >- cp $TEMP /tmp/failed-mysql-bugreport >+ mv -f $TEMP /tmp/failed-mysql-bugreport > echo "The raw bug report exists in /tmp/failed-mysql-bugreport" > echo "If you use this remember that the first lines of the report now is a lie.." > exit 1
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=25268">View the attachment on a separate page</a>.</b>
Actions:
View
Attachments on
bug 62135
: 25268