Bug 58831 (CVE-2004-0457) - VUL-0: CVE-2004-0457: temp-file race in mysqlhotcopy
Summary: VUL-0: CVE-2004-0457: temp-file race in mysqlhotcopy
Status: RESOLVED DUPLICATE of bug 58829
Alias: CVE-2004-0457
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents (show other bugs)
Version: unspecified
Hardware: All Linux
: P3 - Medium : Normal
Target Milestone: ---
Assignee: Tomas Crhak
QA Contact: Security Team bot
URL:
Whiteboard: CVE-2004-0457: CVSS v2 Base Score: 4....
Keywords:
Depends on:
Blocks:
 
Reported: 2004-08-16 16:56 UTC by Sebastian Krahmer
Modified: 2021-10-02 09:48 UTC (History)
1 user (show)

See Also:
Found By: ---
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Sebastian Krahmer 2004-08-16 16:56:42 UTC 
Date: Sat, 14 Aug 2004 17:31:05 +0200
From: Martin Schulze <joey@infodrom.org>
To: vendor-sec@lst.de
Subject: [vendor-sec] CAN-2004-0457: Temporary file vulnerability in
    mysqlhotcopy

Moin!

Jeroen van Wolffelaar <jeroen@wolffelaar.nl> discovered an insecure
temporary file vulnerability in the mysqlhotcopy script when using the
scp method.

Sergei Golubchik <serg@mysql.com> has fixed this upstream with this
patch: http://lists.mysql.com/internals/15185

We will be issuing an advisory soon.  I guess you'd like to do the
same.

This is CAN-2004-0457.

Regards,

       Joey
Comment 1 Sebastian Krahmer 2004-08-16 16:56:42 UTC 
<!-- SBZ_reproduce  -->
Thomas, is this an issue for us? e.g. does our mysql
package contain this script?
Comment 2 Sebastian Krahmer 2004-08-16 19:53:15 UTC 

*** This bug has been marked as a duplicate of 58829 ***
Comment 3 Thomas Biege 2009-10-13 20:32:10 UTC 
CVE-2004-0457: CVSS v2 Base Score: 4.6 (AV:L/AC:L/Au:N/C:P/I:P/A:P)