Bug 64800 (CVE-2005-0004)

Summary: VUL-0: CVE-2005-0004: insecure tmp file usage in mysql
Product: [Novell Products] SUSE Security Incidents
Reporter: Ludwig Nussel <lnussel>
Component: Incidents
Assignee: Michal Čihař <mcihar>
Status: RESOLVED FIXED
QA Contact: Security Team bot <security-team>
Severity: Normal
Priority: P3 - Medium
CC: security-team
Version: unspecified
Target Milestone: ---
Hardware: All
OS: Linux
Whiteboard: CVE-2005-0004: CVSS v2 Base Score: 4.6 (AV:L/AC:L/Au:N/C:P/I:P/A:P)
Found By: Other
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---
Attachments: patch.CAN-2005-0004.mysql

Description Ludwig Nussel 2005-01-13 20:07:15 UTC
We received the following report via vendor-sec.
This issue is not public yet, please keep any information about it inside SUSE.

Is this script used by some automatism? If not it's sufficient to
fix this with the next mysql security update IMO (if there is one).

Date: Thu, 13 Jan 2005 12:20:35 +0100
From: Martin Schulze <joey@infodrom.org>
To: vendor-sec@lst.de
Subject: [vendor-sec] CAN-2005-0004: Insecure temporary file use in mysql

Javier Fernandez-Sanguino Pena from the Debian Security Audit Project
discovered a temporary file vulnerability in the mysqlaccess script of
MySQL that could allow an unprivileged user to let root overwrite
arbitrary files via a symlink attack and could also unveil the
contents of a temporary file which might contain sensitive
information.

Below please find the proposed patch by Javier.

Thanks to Mark for providing a CVE id.

This problem went public without our intention by MySQL already:
http://lists.mysql.com/internals/20600

Regards,

	Joey
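
The bug class described in the advisory above, as an added example that is not part of the original report and is not the mysqlaccess code or its patch: a write to a predictable temporary path follows a pre-planted symlink, while exclusive creation or `mkstemp` does not. The file names and helper functions are hypothetical, and the scenario is constructed inside a private scratch directory.

```python
import os
import tempfile

def write_predictable(path, data):
    # Vulnerable pattern: a plain open() on a fixed name follows a symlink.
    with open(path, "w") as fh:
        fh.write(data)

def write_exclusive(path, data):
    # Hardened: O_EXCL fails if the name exists at all, symlinks included.
    flags = os.O_WRONLY | os.O_CREAT | os.O_EXCL | getattr(os, "O_NOFOLLOW", 0)
    with os.fdopen(os.open(path, flags, 0o600), "w") as fh:
        fh.write(data)

def write_mkstemp(directory, data):
    # Preferred: unpredictable name, created atomically with mode 0600.
    fd, name = tempfile.mkstemp(prefix="report.", dir=directory)
    with os.fdopen(fd, "w") as fh:
        fh.write(data)
    return name

def read_text(path):
    with open(path) as fh:
        return fh.read()

def demo():
    # Constructed scenario, confined to a private scratch directory.
    with tempfile.TemporaryDirectory() as scratch:
        target = os.path.join(scratch, "important.conf")  # stands in for a root-owned file
        fixed = os.path.join(scratch, "script.tmp")       # hypothetical predictable temp name
        write_predictable(target, "original\n")
        os.symlink(target, fixed)                         # link planted before the script runs

        write_predictable(fixed, "scratch data\n")
        clobbered = read_text(target) == "scratch data\n"

        write_predictable(target, "original\n")           # restore, then retry hardened
        try:
            write_exclusive(fixed, "scratch data\n")
            refused = False
        except FileExistsError:
            refused = True
        intact = read_text(target) == "original\n"

        name = write_mkstemp(scratch, "scratch data\n")
        return {"clobbered": clobbered, "refused": refused, "intact": intact,
                "mode": os.stat(name).st_mode & 0o777, "is_link": os.path.islink(name)}

if __name__ == "__main__":
    print(demo())
```
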
Comment 1 Ludwig Nussel 2005-01-13 20:08:00 UTC
Created attachment 27615
patch.CAN-2005-0004.mysql
Comment 2 Michal Čihař 2005-01-13 21:38:13 UTC
AFAIK we don't use it anyhow directly, so I'll wait with fixing.
Comment 3 Marcus Meissner 2005-02-18 21:51:02 UTC
A fix for stable is sufficient. 
Comment 4 Michal Čihař 2005-02-21 10:21:52 UTC
Already fixed in MySQL 4.1.10 which we have in stable.
Comment 5 Thomas Biege 2009-10-13 20:57:33 UTC
CVE-2005-0004: CVSS v2 Base Score: 4.6 (AV:L/AC:L/Au:N/C:P/I:P/A:P)