aru Posted May 14, 2003 Report Share Posted May 14, 2003 MandrakeSoft Security Advisory MDKSA-2003:057 : MySQL May 14th, 2003 Updated MySQL packages fix vulnerability In MySQL 3.23.55 and earlier, MySQL would create world-writeable files and allow mysql users to gain root privileges by using the "SELECT * INTO OUTFILE" operator to overwrite a configuration file, which could cause mysql to run as root upon restarting the daemon. This has been fixed upstream in version 3.23.56, which is provided for Mandrake Linux 9.0 and Corporate Server 2.1 users. The other updated packages have been patched to correct this issue. The released versions of Mandrake GNU/Linux affected are: 8.2 [*] 8.2/PPC [*] 9.0 [*] Corporate Server 2.1 Full information about this advisory, including the updated packages, is available at: www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2003:057 Other references: http://cve.mitre.org/cgi-bin/cvename.cgi?n...e=CAN-2003-0150 http://www.mysql.com/doc/en/News-3.23.56.html Posted automatically by aru (mdksec2mub v0.0.5) Link to comment Share on other sites More sharing options...
Recommended Posts