|
Lines 1-3
|
|
|
1 |
mysql (3.23.49-8.9) stable-security; urgency=high |
| 2 |
|
| 3 |
* Maintainer upload for the Security Team |
| 4 |
* Javier Fernandez-Sanguino Pena from the Debian Security Audit Project |
| 5 |
found a /tmp symlink vulnerability in the mysqlaccess script that could |
| 6 |
allow an unprivileged user to let root overwrite arbitrary files without |
| 7 |
his knowledge and also could unveil the contents of a temporary file which |
| 8 |
might contain sensitive information. |
| 9 |
[scripts/mysqlaccess.sh, CAN-2005-0004] |
| 10 |
* Added older security patches to debian/patches for reference |
| 11 |
|
| 12 |
-- Christian Hammers <ch@debian.org> Thu, 13 Jan 2005 02:50:21 +0100 |
| 13 |
|
| 1 |
mysql (3.23.49-8.8) stable-security; urgency=high |
14 |
mysql (3.23.49-8.8) stable-security; urgency=high |
| 2 |
|
15 |
|
| 3 |
* Maintainer upload by the Security Team |
16 |
* Maintainer upload by the Security Team |
| 4 |
-- mysql-3.23.49.orig/scripts/mysqlaccess.sh |
17 |
++ mysql-3.23.49/scripts/mysqlaccess.sh |
|
Lines 3-8
|
| 3 |
package MySQLaccess; |
3 |
package MySQLaccess; |
| 4 |
#use strict; |
4 |
#use strict; |
| 5 |
use POSIX qw(tmpnam); |
5 |
use POSIX qw(tmpnam); |
|
|
6 |
use File::Temp qw/ tempfile tempdir /; |
| 6 |
use Fcntl; |
7 |
use Fcntl; |
| 7 |
|
8 |
|
| 8 |
BEGIN { |
9 |
BEGIN { |
|
Lines 32-38
|
| 32 |
$ACCESS_U_BCK = 'user_backup'; |
33 |
$ACCESS_U_BCK = 'user_backup'; |
| 33 |
$ACCESS_D_BCK = 'db_backup'; |
34 |
$ACCESS_D_BCK = 'db_backup'; |
| 34 |
$DIFF = '/usr/bin/diff'; |
35 |
$DIFF = '/usr/bin/diff'; |
| 35 |
$TMP_PATH = '/tmp'; #path to writable tmp-directory |
|
|
| 36 |
$MYSQLDUMP = '@bindir@/mysqldump'; |
36 |
$MYSQLDUMP = '@bindir@/mysqldump'; |
| 37 |
#path to mysqldump executable |
37 |
#path to mysqldump executable |
| 38 |
|
38 |
|
|
Lines 577-584
|
| 577 |
push(@MySQLaccess::Grant::Error,'not_found_mysql') if !(-x $MYSQL); |
577 |
push(@MySQLaccess::Grant::Error,'not_found_mysql') if !(-x $MYSQL); |
| 578 |
push(@MySQLaccess::Grant::Error,'not_found_diff') if !(-x $DIFF); |
578 |
push(@MySQLaccess::Grant::Error,'not_found_diff') if !(-x $DIFF); |
| 579 |
push(@MySQLaccess::Grant::Error,'not_found_mysqldump') if !(-x $MYSQLDUMP); |
579 |
push(@MySQLaccess::Grant::Error,'not_found_mysqldump') if !(-x $MYSQLDUMP); |
| 580 |
push(@MySQLaccess::Grant::Error,'not_found_tmp') if !(-d $TMP_PATH); |
|
|
| 581 |
push(@MySQLaccess::Grant::Error,'write_err_tmp') if !(-w $TMP_PATH); |
| 582 |
if (@MySQLaccess::Grant::Error) { |
580 |
if (@MySQLaccess::Grant::Error) { |
| 583 |
MySQLaccess::Report::Print_Error_Messages() ; |
581 |
MySQLaccess::Report::Print_Error_Messages() ; |
| 584 |
exit 0; |
582 |
exit 0; |
|
Lines 1777-1785
|
| 1777 |
@before = sort(@before); |
1775 |
@before = sort(@before); |
| 1778 |
@after = sort(@after); |
1776 |
@after = sort(@after); |
| 1779 |
|
1777 |
|
| 1780 |
$before = "$MySQLaccess::TMP_PATH/$MySQLaccess::script.before.$$"; |
1778 |
$before = new File::Temp ( Template => "$MySQLaccess::script.XXXXXX", SUFFIX => ".before" ) or |
| 1781 |
$after = "$MySQLaccess::TMP_PATH/$MySQLaccess::script.after.$$"; |
1779 |
die "Cannot create temporary file: $!" ; |
| 1782 |
#$after = "/tmp/t0"; |
1780 |
$after = new File::Temp ( Template => "$MySQLaccess::script.XXXXXX", SUFFIX => ".after" ) or |
|
|
1781 |
die "Cannot create temporary file: $!" ; |
| 1783 |
open(BEFORE,"> $before") || |
1782 |
open(BEFORE,"> $before") || |
| 1784 |
push(@MySQLaccess::Report::Errors,"Can't open temporary file $before for writing"); |
1783 |
push(@MySQLaccess::Report::Errors,"Can't open temporary file $before for writing"); |
| 1785 |
open(AFTER,"> $after") || |
1784 |
open(AFTER,"> $after") || |
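Review bot: The temporary files are created by File::Temp but then reopened by name in `open(BEFORE,"> $before")` and `open(AFTER,"> $after")`, so the writes do not go through the handle that File::Temp opened exclusively. The object returned by the constructor is itself a filehandle, so printing to `$before` and `$after` directly and dropping the two-argument `open` calls would keep the exclusive-create guarantee end to end. Neither `DIR` nor `TMPDIR` is passed, and as far as I know File::Temp then resolves a bare template relative to the current working directory; this matters because the same patch removes `$TMP_PATH` and its `-d`/`-w` checks, and adding `TMPDIR => 1` to both constructor calls would place the files in the system temporary directory. The `open(AFTER, ...) ||` statement and the code that writes to BEFORE and AFTER continue outside the hunk, so the handle change needs checking against those lines.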