MySQL 'mysqld_multi' Temporary File Flaw Lets Local Users Overwrite Files
|
|
SecurityTracker Alert ID: 1009784
|
|
SecurityTracker URL: http://securitytracker.com/id?1009784
|
|
CVE Reference: CAN-2004-0388
(Links to External Site)
|
Date: Apr 15 2004
|
Impact: Modification of system information, Modification of user information, Root access via local system, User access via local system
|
Fix Available: Yes
Exploit Included: Yes
Vendor Confirmed: Yes
|
Version(s): 4.0.18, 3.23.58
|
Description: A vulnerability was reported in the MySQL 'mysqld_multi' script. A local user may be able to gain elevated privileges on the target system.
SuSE reported that the 'mysqld_multi' shell script creates a temporary log file ('/tmp/mysqld_multi.log') in an unsafe manner. A
local user can create a symbolic link (symlink) from a critical file on the system to this temporary file. Then, when the script
is run by a target user, the symlinked file will be overwritten with the privileges of the target user.
A local user may be able
to gain elevated privileges on the target system.
|
Impact: A local user can cause files to be overwritten with the privileges of the target user. A local user may be able to gain elevated privileges on the target system.
|
Solution: The vendor has issued a fixed version, which has been committed to the MySQL source repository, available at:
http://www.mysql.com/doc/en/Installing_source_tree.html
The fix is included in version 1.13 of 'scripts/mysqld_multi.sh' as of April 14, 2004.
|
Vendor URL: www.mysql.com/ (Links to External Site)
|
Cause: Access control error, State error
|
Underlying OS: Linux (Any), UNIX (Any)
|
|
Message History:
This archive entry has one or more follow-up message(s) listed below.
|
Source Message Contents
|
Date: Wed, 14 Apr 2004 14:38:12 -0400
Subject: CAN-2004-0388
|
CVE: CAN-2004-0388
A vulnerability was reported in the MySQL 'mysqld_multi' script. A local user can
overwrite arbitrary files on the target system.
|
|
