aru Posted April 19, 2004 Report Share Posted April 19, 2004 MandrakeSoft Security Advisory MDKSA-2004:034 : MySQL April 19th, 2004 Updated MySQL packages fix temporary file insecurities Shaun Colley discovered that two scripts distributed with MySQL, the 'mysqld_multi' and 'mysqlbug' scripts, did not create temporary files in a secure fashion. An attacker could create symbolic links in /tmp that could allow for overwriting of files with the privileges of the user running the scripts. The scripts have been patched in the updated packages to prevent this behaviour. The released versions of Mandrake GNU/Linux affected are: 9.1 9.2 9.2/AMD64 Corporate Server 2.1 10.0 Full information about this advisory, including the updated packages, is available at: www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:034 Other references: http://cve.mitre.org/cgi-bin/cvename.cgi?n...e=CAN-2004-0381 http://cve.mitre.org/cgi-bin/cvename.cgi?n...e=CAN-2004-0388 Posted automatically by aru (mdksec2mub v0.0.8) Link to comment Share on other sites More sharing options...
Recommended Posts