MySQL mysqlhotcopy Insecure Temporary File Creation

2004-08-19T06:25:19
ID OSVDB:9015
Type osvdb
Reporter Jeroen van Wolffelaar (jeroen@wolffelaar.nl)
Modified 2004-08-19T06:25:19

Description

Vulnerability Description

mysqlhotcopy within MySQL contains a flaw that may allow a malicious user to overwrite arbitrary files. The issue is triggered when mysqlhotcopy creates insecure temporary files. It is possible that the flaw may allow a malicious user to use specially crafted symlinks to arbitrarily overwrite files, resulting in a loss of confidentiality and/or integrity.

Solution Description

Currently, there are no known workarounds or upgrades to correct this issue. However, Debian has released a patch to address this vulnerability.

References:

Vendor URL: http://www.mysql.com/
Vendor Specific Advisory URL
Vendor Specific Advisory URL
Security Tracker: 1010979
Secunia Advisory ID: 13054
Secunia Advisory ID: 12697
Secunia Advisory ID: 13407
Secunia Advisory ID: 12327
Secunia Advisory ID: 12428
Other Advisory URL: http://www.debian.org/security/2004/dsa-540
Other Advisory URL: http://security.gentoo.org/glsa/glsa-200409-02.xml
Other Advisory URL: http://www.trustix.org/errata/2004/0050/
Other Advisory URL: http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:119
Nessus Plugin ID: 14343
Nessus Plugin ID: 14649
Nessus Plugin ID: 14339
ISS X-Force ID: 17030
CVE-2004-0457