Bug 58829 (suse43829) - VUL-0: mysqlhotcopy tempfile problem
Summary: VUL-0: mysqlhotcopy tempfile problem
Status: RESOLVED FIXED
CVE: CVE-2004-0457
Alias: suse43829
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
Version: unspecified
Hardware: All Linux
Priority: P3 - Medium
Severity: Normal
Target Milestone: ---
Assignee: Sebastian Krahmer
QA Contact: Security Team bot
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2004-08-16 16:09 UTC by Marcus Meissner
Modified: 2021-10-02 09:49 UTC
CC List: 3 users

See Also:
Found By: ---
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Attachments
the patchinfo for box. (431 bytes, text/plain) - 2004-08-18 17:31 UTC, Sebastian Krahmer
patchinfo for maintained (506 bytes, text/plain) - 2004-08-18 17:31 UTC, Sebastian Krahmer

Description Ludwig Nussel 2004-08-16 16:09:56 UTC
mysqlhotcopy creates temporary files in an insecure way. A patch is available 
at http://lists.mysql.com/internals/15185. We received the following mail via 
vendor-sec: 
 
Date: Sat, 14 Aug 2004 17:31:05 +0200
From: Martin Schulze <joey@infodrom.org>
To: vendor-sec@lst.de
Subject: [vendor-sec] CAN-2004-0457: Temporary file vulnerability in mysqlhotcopy
User-Agent: Mutt/1.5.6+20040803i
X-Spam-Level: 
 
Moin! 
 
Jeroen van Wolffelaar <jeroen@wolffelaar.nl> discovered an insecure 
temporary file vulnerability in the mysqlhotcopy script when using the 
scp method. 
 
Sergei Golubchik <serg@mysql.com> has fixed this upstream with this 
patch: http://lists.mysql.com/internals/15185 
 
We will be issuing an advisory soon.  I guess you'd like to do the 
same. 
 
This is CAN-2004-0457. 
 
Regards, 
 
        Joey
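The vulnerability class reported above (a temporary file created under a predictable name in a shared directory, so that a local user who plants a symlink there first can redirect the write onto a file of their choosing) is easier to see running than to read about. What follows is an added example, not mysqlhotcopy's code and not the upstream patch: it stages the attack in a throwaway directory against a Python rendering of the insecure pattern and against the mkstemp pattern that safe temporary-file creation relies on. The name `mysqlhotcopy.tmp` and the `victim` file are constructed for the demonstration and are not taken from the script. Perl code gets the same guarantees from File::Temp's `tempfile()` and `tempdir()`.

```python
import os
import tempfile

# Constructed for the demonstration; not the script's real temp-file name.
PREDICTABLE_NAME = "mysqlhotcopy.tmp"


def vulnerable_tempfile(tmp_dir, name):
    """Insecure pattern: a predictable name under a shared directory, opened
    with O_CREAT but without O_EXCL.  If an attacker has already placed a
    symlink at that name, open() follows it and the write lands on the link
    target instead of on a fresh file."""
    path = os.path.join(tmp_dir, name)
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o644)
    with os.fdopen(fd, "w") as f:
        f.write("table dump\n")
    return path


def hardened_tempfile(tmp_dir):
    """Safe pattern: mkstemp picks an unpredictable name, opens it with
    O_CREAT|O_EXCL and mode 0600, and returns the descriptor, so the program
    never re-opens the file by name and there is no name/handle race."""
    fd, path = tempfile.mkstemp(prefix="mysqlhotcopy.", dir=tmp_dir)
    with os.fdopen(fd, "w") as f:
        f.write("table dump\n")
    return path


def exclusive_create(path):
    """For a name the program has to choose itself: O_EXCL makes the kernel
    refuse if anything (regular file or symlink, dangling or not) already
    exists there.  Returns True if the file was created, False if squatted."""
    flags = os.O_WRONLY | os.O_CREAT | os.O_EXCL | getattr(os, "O_NOFOLLOW", 0)
    try:
        fd = os.open(path, flags, 0o600)
    except FileExistsError:
        return False
    os.close(fd)
    return True


def simulate_symlink_attack(use_hardened):
    """Stage the classic /tmp symlink attack in a private directory and
    report whether the attacker's chosen target file was overwritten."""
    with tempfile.TemporaryDirectory() as tmp_dir:
        target = os.path.join(tmp_dir, "victim")
        with open(target, "w") as f:
            f.write("original\n")
        # Attacker: plant a symlink where the predictable temp file will go.
        os.symlink(target, os.path.join(tmp_dir, PREDICTABLE_NAME))
        # Victim: create its temp file with one of the two patterns.
        if use_hardened:
            hardened_tempfile(tmp_dir)
        else:
            vulnerable_tempfile(tmp_dir, PREDICTABLE_NAME)
        with open(target) as f:
            return f.read() != "original\n"


def demo_exclusive_create():
    """Returns (result for a name squatted by a symlink, result for a fresh
    name) so the O_EXCL behaviour can be checked directly."""
    with tempfile.TemporaryDirectory() as tmp_dir:
        squatted = os.path.join(tmp_dir, PREDICTABLE_NAME)
        os.symlink(os.path.join(tmp_dir, "victim"), squatted)  # dangling link
        return (exclusive_create(squatted),
                exclusive_create(os.path.join(tmp_dir, "fresh")))


if __name__ == "__main__":
    print("predictable-name pattern overwrote target:", simulate_symlink_attack(False))
    print("mkstemp pattern overwrote target:", simulate_symlink_attack(True))
    print("O_EXCL on (squatted, fresh) name:", demo_exclusive_create())
```

Run stand-alone, the predictable-name variant reports that the target was overwritten while the mkstemp variant does not; `exclusive_create` covers the case where the program cannot randomise the name and shows that O_EXCL on its own is enough to reject a pre-planted link. The directory the test stages in is mode 0700, so the kernel's protected_symlinks restriction for sticky world-writable directories does not mask the difference.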
Comment 1 Sebastian Krahmer 2004-08-16 19:53:16 UTC
*** Bug 58831 has been marked as a duplicate of this bug. ***
Comment 2 Tomas Crhak 2004-08-18 17:06:36 UTC
Fix needed for sles9, 9.0, 8.2, ul1/sles8, 8.0.

Could anyone translate the following for the patchinfo?

<snip>
This update fixes a temporary file vulnerability discovered
in the mysqlhotcopy script when using the scp method.
</snip>

Thanks!
Comment 3 Ludwig Nussel 2004-08-18 17:17:39 UTC
Don't bother, we will just write the patchinfo files for you. 8.0 is no longer 
supported, no need to fix it. I suppose 9.1 is affected as well since sles9 
is? 
Comment 4 Sebastian Krahmer 2004-08-18 17:28:30 UTC
I just did. Will append it now.
Comment 5 Sebastian Krahmer 2004-08-18 17:29:41 UTC
The patchinfos are in place, according to comment #2, I removed
SL 9.1. If it is affected it needs to be added in the distro-list.
Comment 6 Sebastian Krahmer 2004-08-18 17:31:33 UTC
Created attachment 22779
the patchinfo for box.

...
Comment 7 Sebastian Krahmer 2004-08-18 17:31:55 UTC
Created attachment 22780
patchinfo for maintained

...
Comment 8 Tomas Crhak 2004-08-18 18:16:43 UTC
9.1 is affected as well (it shares sources with sles9),
submitted all except for 8.0
Comment 9 Marcus Meissner 2004-08-18 20:27:31 UTC
Reopened by meissner@suse.de at Wed Aug 18 14:27:31 2004, took initial reporter lnussel@suse.de to cc
Comment 10 Marcus Meissner 2004-08-18 20:27:31 UTC
reopen for tracking 
Comment 11 Marcus Meissner 2004-09-06 20:59:31 UTC
updates released.