64800 – (CVE-2005-0004) VUL-0: CVE-2005-0004: insecure tmp file usage in mysql

Bug 64800 (CVE-2005-0004) - VUL-0: CVE-2005-0004: insecure tmp file usage in mysql

Summary: VUL-0: CVE-2005-0004: insecure tmp file usage in mysql

Status:	RESOLVED FIXED

Alias:	CVE-2005-0004

Product:	SUSE Security Incidents
Classification:	Novell Products
Component:	Incidents (show other bugs)
Version:	unspecified
Hardware:	All Linux

Priority:	P3 - Medium Severity: Normal
Target Milestone:	---
Assignee:	Michal Čihař
QA Contact:	Security Team bot

URL:
Whiteboard:	CVE-2005-0004: CVSS v2 Base Score: 4....
Keywords:

Depends on:
Blocks:

Clone This Bug

Reported:	2005-01-13 20:07 UTC by Ludwig Nussel
Modified:	2021-11-04 15:59 UTC (History)
CC List:	1 user (show)

See Also:
Found By:	Other
Services Priority:
Business Priority:
Blocker:	---
Marketing QA Status:	---
IT Deployment:	---

Attachments
patch.CAN-2005-0004.mysql (2.58 KB, patch) 2005-01-13 20:08 UTC, Ludwig Nussel	Details \| Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Ludwig Nussel 2005-01-13 20:07:15 UTC

We received the following report via vendor-sec.
This issue is not public yet, please keep any information about it inside SUSE.

Is this script used by some automatism? If not it's sufficient to
fix this with the next mysql security update IMO (if there is one).

Date: Thu, 13 Jan 2005 12:20:35 +0100
From: Martin Schulze <joey@infodrom.org>
To: vendor-sec@lst.de
Subject: [vendor-sec] CAN-2005-0004: Insecure temporary file use in mysql

Javier Fernandez-Sanguino Pena from the Debian Security Audit Project
discoverd a temporary file vulnerability in the mysqlaccess script of
MySQL that could allow an unprivileged user to let root overwrite
arbitrary files via a symlink attack and could also could unveil the
contents of a temporary file which might contain sensitive
information.

Below please find the proposed patch by Javier.

Thanks to Mark for providing a CVE id.

This problem went public without our intention by MySQL already:
http://lists.mysql.com/internals/20600

Regards,

	Joey

Comment 1 Ludwig Nussel 2005-01-13 20:08:00 UTC

Created attachment 27615 [details]
patch.CAN-2005-0004.mysql

Comment 2 Michal Čihař 2005-01-13 21:38:13 UTC

AFAIK we don't use it anyhow directly, so I'll wait with fixing.

Comment 3 Marcus Meissner 2005-02-18 21:51:02 UTC

A fix for stable is sufficient.

Comment 4 Michal Čihař 2005-02-21 10:21:52 UTC

Already fixed in MySQL 4.1.10 which we have in stable.

Comment 5 Thomas Biege 2009-10-13 20:57:33 UTC

CVE-2005-0004: CVSS v2 Base Score: 4.6 (AV:L/AC:L/Au:N/C:P/I:P/A:P)