Bug 58831 (CVE-2004-0457)

Summary: VUL-0: CVE-2004-0457: temp-file race in mysqlhotcopy
Product: [Novell Products] SUSE Security Incidents
Reporter: Sebastian Krahmer <krahmer>
Component: Incidents
Assignee: Tomas Crhak <tcrhak>
Status: RESOLVED DUPLICATE
QA Contact: Security Team bot <security-team>
Severity: Normal
Priority: P3 - Medium
CC: security-team
Version: unspecified
Target Milestone: ---
Hardware: All
OS: Linux
Whiteboard: CVE-2004-0457: CVSS v2 Base Score: 4.6 (AV:L/AC:L/Au:N/C:P/I:P/A:P)
Found By: ---
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Description Sebastian Krahmer 2004-08-16 16:56:42 UTC
Date: Sat, 14 Aug 2004 17:31:05 +0200
From: Martin Schulze <joey@infodrom.org>
To: vendor-sec@lst.de
Subject: [vendor-sec] CAN-2004-0457: Temporary file vulnerability in
    mysqlhotcopy

Moin!

Jeroen van Wolffelaar <jeroen@wolffelaar.nl> discovered an insecure
temporary file vulnerability in the mysqlhotcopy script when using the
scp method.

Sergei Golubchik <serg@mysql.com> has fixed this upstream with this
patch: http://lists.mysql.com/internals/15185

We will be issuing an advisory soon.  I guess you'd like to do the
same.

This is CAN-2004-0457.

Regards,

       Joey
Comment 1 Sebastian Krahmer 2004-08-16 16:56:42 UTC
Thomas, is this an issue for us? e.g. does our mysql
package contain this script?
Comment 2 Sebastian Krahmer 2004-08-16 19:53:15 UTC

*** This bug has been marked as a duplicate of 58829 ***
Comment 3 Thomas Biege 2009-10-13 20:32:10 UTC
CVE-2004-0457: CVSS v2 Base Score: 4.6 (AV:L/AC:L/Au:N/C:P/I:P/A:P)