CVE-2004-0381
CVSS2.1
发布时间 :2004-05-04 00:00:00
修订时间 :2016-10-17 22:44:50
NMCOP    

[原文]mysqlbug in MySQL allows local users to overwrite arbitrary files via a symlink attack on the failed-mysql-bugreport temporary file.


[CNNVD]MySQL放弃错误报告不安全临时文件建立漏洞(CNNVD-200405-031)

        
        MySQL是一款开放源代码关系型数据库系统。
        MySQL错误报告工具(mysqlbug)不安全建立临时文件,本地攻击者可以利用这个漏洞破坏系统任意文件内容,造成拒绝服务攻击。
        mysqlbug是错误报告脚本,运行时会启动文本编辑器,用户会被提示使用模板写入他们的错误报告。问题存在与脚本在处理用户简单的退出文本编辑器而没有更改漏洞报告的情况下,mysqlbug会执行如下代码:
        --
        if cmp -s $TEMP $TEMP.x
        then
         echo "File not changed, no bug report submitted."
         cp $TEMP /tmp/failed-mysql-bugreport
         echo "The raw bug report exists in
        /tmp/failed-mysql-bugreport"
         echo "If you use this remember that the first lines
        of the report now
        is a lie
        .."
         exit 1
        fi
        --
        会以静态文件名建立临时文件,因此攻击者可以建立符号连接,当其他用户调用错误调试时,可导致连接的目标文件被破坏,本地攻击者可以利用这个漏洞对本地系统进行拒绝服务攻击。
        

- CVSS (基础分值)

CVSS分值: 2.1 [轻微(LOW)]
机密性影响: NONE [对系统的机密性无影响]
完整性影响: PARTIAL [可能会导致系统文件被修改]
可用性影响: NONE [对系统可用性无影响]
攻击复杂度: LOW [漏洞利用没有访问限制 ]
攻击向量: LOCAL [漏洞利用需要具有物理访问权限或本地帐户]
身份认证: NONE [漏洞利用无需身份认证]

- CPE (受影响的平台与产品)

cpe:/a:mysql:mysql:3.23.48MySQL MySQL 3.23.48
cpe:/a:mysql:mysql:3.23.49MySQL MySQL 3.23.49
cpe:/a:mysql:mysql:3.23.46MySQL MySQL 3.23.46
cpe:/a:mysql:mysql:3.23.47MySQL MySQL 3.23.47
cpe:/a:mysql:mysql:4.1.0:alphaMySQL MySQL 4.1.0 alpha
cpe:/a:mysql:mysql:3.23.30MySQL MySQL 3.23.30
cpe:/a:mysql:mysql:3.23.54aMySQL MySQL 3.23.54a
cpe:/a:mysql:mysql:3.23.44MySQL MySQL 3.23.44
cpe:/a:mysql:mysql:3.22.32MySQL MySQL 3.22.32
cpe:/a:mysql:mysql:3.23.45MySQL MySQL 3.23.45
cpe:/a:mysql:mysql:3.23.42MySQL MySQL 3.23.42
cpe:/a:mysql:mysql:4.0.7:gammaMySQL MySQL 4.0.7 gamma
cpe:/a:mysql:mysql:3.22.30MySQL MySQL 3.22.30
cpe:/a:mysql:mysql:3.23.43MySQL MySQL 3.23.43
cpe:/a:mysql:mysql:4.0.15MySQL MySQL 4.0.15
cpe:/a:mysql:mysql:4.0.18MySQL MySQL 4.0.18
cpe:/a:mysql:mysql:4.0.1MySQL MySQL 4.0.1
cpe:/a:mysql:mysql:4.0.0MySQL MySQL 4.0.0
cpe:/a:mysql:mysql:3.23.9MySQL MySQL 3.23.9
cpe:/a:mysql:mysql:4.0.3MySQL MySQL 4.0.3
cpe:/a:mysql:mysql:3.23.58MySQL MySQL 3.23.58
cpe:/a:mysql:mysql:3.23.8MySQL MySQL 3.23.8
cpe:/a:mysql:mysql:4.0.2MySQL MySQL 4.0.2
cpe:/a:mysql:mysql:3.23.40MySQL MySQL 3.23.40
cpe:/a:mysql:mysql:4.0.12MySQL MySQL 4.0.12
cpe:/a:mysql:mysql:3.23.41MySQL MySQL 3.23.41
cpe:/a:mysql:mysql:4.0.11MySQL MySQL 4.0.11
cpe:/a:mysql:mysql:4.0.14MySQL MySQL 4.0.14
cpe:/a:mysql:mysql:4.0.13MySQL MySQL 4.0.13
cpe:/a:mysql:mysql:3.23.3MySQL MySQL 3.23.3
cpe:/a:mysql:mysql:3.23.55MySQL MySQL 3.23.55
cpe:/a:mysql:mysql:3.23.2MySQL MySQL 3.23.2
cpe:/a:mysql:mysql:3.23.56MySQL MySQL 3.23.56
cpe:/a:mysql:mysql:3.23.5MySQL MySQL 3.23.5
cpe:/a:mysql:mysql:3.23.53MySQL MySQL 3.23.53
cpe:/a:mysql:mysql:4.0.10MySQL MySQL 4.0.10
cpe:/a:mysql:mysql:3.23.10MySQL MySQL 3.23.10
cpe:/a:mysql:mysql:3.23.54MySQL MySQL 3.23.54
cpe:/a:mysql:mysql:4.0.9:gammaMySQL MySQL 4.0.9 gamma
cpe:/a:mysql:mysql:4.0.8:gammaMySQL MySQL 4.0.8 gamma
cpe:/a:mysql:mysql:3.20.32aMySQL MySQL 3.20.32a
cpe:/a:mysql:mysql:3.23.26MySQL MySQL 3.23.26
cpe:/a:mysql:mysql:3.23.27MySQL MySQL 3.23.27
cpe:/a:mysql:mysql:3.23.24MySQL MySQL 3.23.24
cpe:/a:mysql:mysql:3.23.25MySQL MySQL 3.23.25
cpe:/a:mysql:mysql:3.23.28MySQL MySQL 3.23.28
cpe:/a:mysql:mysql:3.23.29MySQL MySQL 3.23.29
cpe:/a:mysql:mysql:3.23.51MySQL MySQL 3.23.51
cpe:/a:mysql:mysql:3.23.52MySQL MySQL 3.23.52
cpe:/a:mysql:mysql:3.23.50MySQL MySQL 3.23.50
cpe:/a:mysql:mysql:3.23.22MySQL MySQL 3.23.22
cpe:/a:mysql:mysql:3.23.23MySQL MySQL 3.23.23
cpe:/a:mysql:mysql:3.23.28:gammaMySQL MySQL 3.23.28 gamma
cpe:/a:mysql:mysql:4.0.5MySQL MySQL 4.0.5
cpe:/a:mysql:mysql:4.0.4MySQL MySQL 4.0.4
cpe:/a:mysql:mysql:4.0.5aMySQL MySQL 4.0.5a
cpe:/a:mysql:mysql:4.0.7MySQL MySQL 4.0.7
cpe:/a:mysql:mysql:4.0.6MySQL MySQL 4.0.6
cpe:/a:mysql:mysql:3.22.26MySQL MySQL 3.22.26
cpe:/a:mysql:mysql:3.23.37MySQL MySQL 3.23.37
cpe:/a:mysql:mysql:3.23.38MySQL MySQL 3.23.38
cpe:/a:mysql:mysql:3.23.36MySQL MySQL 3.23.36
cpe:/a:mysql:mysql:3.22.29MySQL MySQL 3.22.29
cpe:/a:mysql:mysql:3.22.28MySQL MySQL 3.22.28
cpe:/a:mysql:mysql:3.23.39MySQL MySQL 3.23.39
cpe:/a:mysql:mysql:3.22.27MySQL MySQL 3.22.27
cpe:/a:mysql:mysql:3.23.53aMySQL MySQL 3.23.53a
cpe:/a:mysql:mysql:3.23.33MySQL MySQL 3.23.33
cpe:/a:mysql:mysql:3.23.34MySQL MySQL 3.23.34
cpe:/a:mysql:mysql:3.23.31MySQL MySQL 3.23.31
cpe:/a:mysql:mysql:3.23.32MySQL MySQL 3.23.32
cpe:/a:mysql:mysql:4.0.11:gammaMySQL MySQL 4.0.11 gamma
cpe:/a:mysql:mysql:4.0.9MySQL MySQL 4.0.9
cpe:/a:mysql:mysql:4.0.8MySQL MySQL 4.0.8
cpe:/a:mysql:mysql:4.1.0.0MySQL MySQL 4.1.0.0

- OVAL (用于检测的技术细节)

oval:org.mitre.oval:def:11557mysqlbug in MySQL allows local users to overwrite arbitrary files via a symlink attack on the failed-mysql-bugreport temporary file.
*OVAL详细的描述了检测该漏洞的方法,你可以从相关的OVAL定义中找到更多检测该漏洞的技术细节。

- 官方数据库链接

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0381
(官方数据源) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2004-0381
(官方数据源) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200405-031
(官方数据源) CNNVD

- 其它链接及资源

http://marc.info/?l=bugtraq&m=108023246916294&w=2
(UNKNOWN)  BUGTRAQ  20040324 mysqlbug tmpfile/symlink vulnerability.
http://marc.info/?l=bugtraq&m=108206802810402&w=2
(UNKNOWN)  BUGTRAQ  20040414 [OpenPKG-SA-2004.014] OpenPKG Security Advisory (mysql)
http://security.gentoo.org/glsa/glsa-200405-20.xml
(UNKNOWN)  GENTOO  GLSA-200405-20
http://www.ciac.org/ciac/bulletins/p-018.shtml
(UNKNOWN)  CIAC  P-018
http://www.debian.org/security/2004/dsa-483
(UNKNOWN)  DEBIAN  DSA-483
http://www.mandriva.com/security/advisories?name=MDKSA-2004:034
(UNKNOWN)  MANDRAKE  MDKSA-2004:034
http://www.redhat.com/support/errata/RHSA-2004-569.html
(UNKNOWN)  REDHAT  RHSA-2004:569
http://www.redhat.com/support/errata/RHSA-2004-597.html
(UNKNOWN)  REDHAT  RHSA-2004:597
http://www.securityfocus.com/bid/9976
(VENDOR_ADVISORY)  BID  9976
http://xforce.iss.net/xforce/xfdb/15617
(VENDOR_ADVISORY)  XF  mysql-mysqlbug-symlink(15617)

- 漏洞信息

MySQL放弃错误报告不安全临时文件建立漏洞
低危 设计错误
2004-05-04 00:00:00 2006-03-28 00:00:00
本地  
        
        MySQL是一款开放源代码关系型数据库系统。
        MySQL错误报告工具(mysqlbug)不安全建立临时文件,本地攻击者可以利用这个漏洞破坏系统任意文件内容,造成拒绝服务攻击。
        mysqlbug是错误报告脚本,运行时会启动文本编辑器,用户会被提示使用模板写入他们的错误报告。问题存在与脚本在处理用户简单的退出文本编辑器而没有更改漏洞报告的情况下,mysqlbug会执行如下代码:
        --
        if cmp -s $TEMP $TEMP.x
        then
         echo "File not changed, no bug report submitted."
         cp $TEMP /tmp/failed-mysql-bugreport
         echo "The raw bug report exists in
        /tmp/failed-mysql-bugreport"
         echo "If you use this remember that the first lines
        of the report now
        is a lie
        .."
         exit 1
        fi
        --
        会以静态文件名建立临时文件,因此攻击者可以建立符号连接,当其他用户调用错误调试时,可导致连接的目标文件被破坏,本地攻击者可以利用这个漏洞对本地系统进行拒绝服务攻击。
        

- 公告与补丁

        厂商补丁:
        MySQL AB
        --------
        MySQL development source repository已经修补此漏洞,建议用户下载使用:
        
        http://www.mysql.com/doc/en/Installing_source_tree.html

- 漏洞信息 (F33094)

dsa-483.txt (PacketStormID:F33094)
2004-04-15 00:00:00
Debian  debian.org
advisory,arbitrary,local
linux,debian
CVE-2004-0381,CVE-2004-0388
[点击下载]

Debian Security Advisory DSA 483-1 - The scripts mysqld_multi and mysqlbug in MySQL allow local users to overwrite arbitrary files via symlink attacks.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 483-1                     security debian org
http://www.debian.org/security/                             Martin Schulze
April 14th, 2004                        http://www.debian.org/security/faq
- --------------------------------------------------------------------------

Package        : mysql
Vulnerability  : insecure temporary file creation
Problem-Type   : local
Debian-specific: no
CVE IDs        : CAN-2004-0381 CAN-2004-0388
Bugtraq ID     : 9976

Two vulnerabilities have been discovered in mysql, a common database
system.  Two scripts contained in the package don't create temporary
files in a secure fashion.  This could allow a local attacker to
overwrite files with the privileges of the user invoking the MySQL
server, which is often the root user.  The Common Vulnerabilities and
Exposures identifies the following problems:

CAN-2004-0381

    The script mysqlbug in MySQL allows local users to overwrite
    arbitrary files via a symlink attack.

CAN-2004-0388

    The script mysqld_multi in MySQL allows local users to overwrite
    arbitrary files via a symlink attack.

For the stable distribution (woody) these problems have been fixed in
version 3.23.49-8.6.

For the unstable distribution (sid) these problems will be fixed in
version 4.0.18-6 of mysql-dfsg.

We recommend that you upgrade your mysql, mysql-dfsg and related
packages.


Upgrade Instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 3.0 alias woody
- --------------------------------

  Source archives:

    http://security.debian.org/pool/updates/main/m/mysql/mysql_3.23.49-8.6.dsc
      Size/MD5 checksum:      875 5ddb12f783b137adb3713eb833b2b62c
    http://security.debian.org/pool/updates/main/m/mysql/mysql_3.23.49-8.6.diff.gz
      Size/MD5 checksum:    61688 651060d3e96cee5f78fa3a7627cd89a7
    http://security.debian.org/pool/updates/main/m/mysql/mysql_3.23.49.orig.tar.gz
      Size/MD5 checksum: 11861035 a2820d81997779a9fdf1f4b3c321564a

  Architecture independent components:

    http://security.debian.org/pool/updates/main/m/mysql/mysql-common_3.23.49-8.6_all.deb
      Size/MD5 checksum:    16860 a38766469024146e445bff07f93e4954

  Alpha architecture:

    http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10_3.23.49-
8.6_alpha.deb
      Size/MD5 checksum:   277662 54b823e4e25f4b8e260ac82539bdf84f
    http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10-dev_3.23.49-
8.6_alpha.deb
      Size/MD5 checksum:   778718 e8d82f4d6e32a14e01e076314a094b03
    http://security.debian.org/pool/updates/main/m/mysql/mysql-client_3.23.49-8.6_alpha.deb
      Size/MD5 checksum:   163476 5bc948ab4f6ce862ebf9a64f2f7b6042
    http://security.debian.org/pool/updates/main/m/mysql/mysql-server_3.23.49-8.6_alpha.deb
      Size/MD5 checksum:  3634384 9d6e3871dfa018a87a516188e58dabfb

  ARM architecture:

    http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10_3.23.49-
8.6_arm.deb
      Size/MD5 checksum:   238300 9caaa0c9a0d9909ef403f791c8ccf137
    http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10-dev_3.23.49-
8.6_arm.deb
      Size/MD5 checksum:   634574 afc1a6cb70f1581a72b2f5904f8abf14
    http://security.debian.org/pool/updates/main/m/mysql/mysql-client_3.23.49-8.6_arm.deb
      Size/MD5 checksum:   123878 facc6f6326dc1080019fe54e7516c44a
    http://security.debian.org/pool/updates/main/m/mysql/mysql-server_3.23.49-8.6_arm.deb
      Size/MD5 checksum:  2805988 c38af448095a9358fe292f41c7f44fb1

  Intel IA-32 architecture:

    http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10_3.23.49-
8.6_i386.deb
      Size/MD5 checksum:   234634 5952137d0b86f6bfefd709ebfc0c624d
    http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10-dev_3.23.49-
8.6_i386.deb
      Size/MD5 checksum:   576560 f8f9089209da42c1134f0157e62b4e49
    http://security.debian.org/pool/updates/main/m/mysql/mysql-client_3.23.49-8.6_i386.deb
      Size/MD5 checksum:   122462 148429934c68f10c291ae8ffe0a6db8c
    http://security.debian.org/pool/updates/main/m/mysql/mysql-server_3.23.49-8.6_i386.deb
      Size/MD5 checksum:  2800616 afd1dfcf5424f78ce7836c96b0dd92b1

  Intel IA-64 architecture:

    http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10_3.23.49-
8.6_ia64.deb
      Size/MD5 checksum:   315010 a8678f1aa73cb3a4fcbac4e479109311
    http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10-dev_3.23.49-
8.6_ia64.deb
      Size/MD5 checksum:   848558 63f12a1295198c791956d3d9ba3e6364
    http://security.debian.org/pool/updates/main/m/mysql/mysql-client_3.23.49-8.6_ia64.deb
      Size/MD5 checksum:   173738 d83526ec16d5ba18b66bb4f0962c44f1
    http://security.debian.org/pool/updates/main/m/mysql/mysql-server_3.23.49-8.6_ia64.deb
      Size/MD5 checksum:  4000100 78c9cfd1bba1711338a557bd4737832f

  HP Precision architecture:

    http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10_3.23.49-
8.6_hppa.deb
      Size/MD5 checksum:   280566 e11769ec989c98b9e857c30206246e95
    http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10-dev_3.23.49-
8.6_hppa.deb
      Size/MD5 checksum:   743656 5fe1d40d737c3de61e7cf31183125526
    http://security.debian.org/pool/updates/main/m/mysql/mysql-client_3.23.49-8.6_hppa.deb
      Size/MD5 checksum:   140540 29f2b8d797afc05de720bbc4d4a517e9
    http://security.debian.org/pool/updates/main/m/mysql/mysql-server_3.23.49-8.6_hppa.deb
      Size/MD5 checksum:  3514794 42eaa54090fb0e6497cd1359f29e9304

  Motorola 680x0 architecture:

    http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10_3.23.49-
8.6_m68k.deb
      Size/MD5 checksum:   227640 a7925061c360f47c83dcffd62b411358
    http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10-dev_3.23.49-
8.6_m68k.deb
      Size/MD5 checksum:   557758 2545764c1f609dc28e4542e5f3d4b522
    http://security.debian.org/pool/updates/main/m/mysql/mysql-client_3.23.49-8.6_m68k.deb
      Size/MD5 checksum:   118356 47948f12e32fb25d7619c97b9f735486
    http://security.debian.org/pool/updates/main/m/mysql/mysql-server_3.23.49-8.6_m68k.deb
      Size/MD5 checksum:  2646508 9f49bf6d899ea6d768cfe51caa54c39c

  Big endian MIPS architecture:

    http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10_3.23.49-
8.6_mips.deb
      Size/MD5 checksum:   250892 4143d2fcad7a4b7f981fa666f6fdde65
    http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10-dev_3.23.49-
8.6_mips.deb
      Size/MD5 checksum:   688998 e9da91c9477edd7b93ea71d96734ad4c
    http://security.debian.org/pool/updates/main/m/mysql/mysql-client_3.23.49-8.6_mips.deb
      Size/MD5 checksum:   133836 c2e14bd75e1a68dabfa6ef4d0002fb30
    http://security.debian.org/pool/updates/main/m/mysql/mysql-server_3.23.49-8.6_mips.deb
      Size/MD5 checksum:  2847932 696eac6a3c87c3ff747ed71d4ad03fe4

  Little endian MIPS architecture:

    http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10_3.23.49-
8.6_mipsel.deb
      Size/MD5 checksum:   250550 f9a25d5a5ec4225c95bb799afb8029c6
    http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10-dev_3.23.49-
8.6_mipsel.deb
      Size/MD5 checksum:   688316 db428d75698cd72414b471d91615bd56
    http://security.debian.org/pool/updates/main/m/mysql/mysql-client_3.23.49-8.6_mipsel.deb
      Size/MD5 checksum:   134178 bf6e0a0eb74cc8d7c4afd19f4d05d635
    http://security.debian.org/pool/updates/main/m/mysql/mysql-server_3.23.49-8.6_mipsel.deb
      Size/MD5 checksum:  2839102 bff1d416c52801ef49af1ce4dcce8a17

  PowerPC architecture:

    http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10_3.23.49-
8.6_powerpc.deb
      Size/MD5 checksum:   247660 4e4561d59aa84920423515c7f9177273
    http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10-dev_3.23.49-
8.6_powerpc.deb
      Size/MD5 checksum:   652592 b9f51e0286c747fc58e2aeac9cf3c621
    http://security.debian.org/pool/updates/main/m/mysql/mysql-client_3.23.49-8.6_powerpc.deb
      Size/MD5 checksum:   129376 dc96676d319a7b0ee699b7f7f628e543
    http://security.debian.org/pool/updates/main/m/mysql/mysql-server_3.23.49-8.6_powerpc.deb
      Size/MD5 checksum:  2823002 71952fc874cc70aa45a29bd6eb54cb50

  IBM S/390 architecture:

    http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10_3.23.49-
8.6_s390.deb
      Size/MD5 checksum:   249960 0770d4308c3d28208bfc95f4d3473ae8
    http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10-dev_3.23.49-
8.6_s390.deb
      Size/MD5 checksum:   607056 b77cf4690bb666dccd2edacbb06c09e5
    http://security.debian.org/pool/updates/main/m/mysql/mysql-client_3.23.49-8.6_s390.deb
      Size/MD5 checksum:   126362 eb38bd8e3f363a37dfb54844702fc4fd
    http://security.debian.org/pool/updates/main/m/mysql/mysql-server_3.23.49-8.6_s390.deb
      Size/MD5 checksum:  2691074 2e56d9a296a5d87388f1660510c5f8b3

  Sun Sparc architecture:

    http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10_3.23.49-
8.6_sparc.deb
      Size/MD5 checksum:   241178 5afe949aaacf4e7b66d292ab4efc90c0
    http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10-dev_3.23.49-
8.6_sparc.deb
      Size/MD5 checksum:   615208 f117524a68678d8d3aac68260e6a24cd
    http://security.debian.org/pool/updates/main/m/mysql/mysql-client_3.23.49-8.6_sparc.deb
      Size/MD5 checksum:   130352 a3d97c6a8b9e3d460bb6cefab2f8d5fd
    http://security.debian.org/pool/updates/main/m/mysql/mysql-server_3.23.49-8.6_sparc.deb
      Size/MD5 checksum:  2939242 ef58492f8397d98a25277bccfdf96986


  These files will probably be moved into the stable distribution on
  its next update.

- --------------------------------------------------------------------------------
-
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce lists debian org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFAfV21W5ql+IAeqTIRAiA+AJ9tayI2WATT8ObACOHavIqzvdl/UgCgkPhG
XvpZT396zhQagsm1iqlF5B8=
=+VhC
-----END PGP SIGNATURE-----
    

- 漏洞信息

6420
MySQL mysqlbug Symlink Arbitrary File Overwrite
Local Access Required Input Manipulation, Race Condition
Loss of Integrity
Exploit Public

- 漏洞描述

MySQL contains a flaw that may allow a malicious user to arbitrary overwrite files. The problem is that the "mysqlbug" script creates files with insecure permissions. It is possible that the flaw may allow a malicious user to create a symlink to this file, which could allow arbitrary files to be overwriten on the system, resulting in a loss of integrity.

- 时间线

2004-03-24 Unknow
2004-03-24 Unknow

- 解决方案

Upgrade to version 4.0.20 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

- 相关参考

- 漏洞作者

 

 

关于SCAP中文社区

SCAP中文社区是国内第一个以SCAP为主题的中文开放社区。了解更多信息,请查阅[关于本站]

版权声明

CVE/CWE/OVAL均为MITRE公司的注册商标,它们的官方数据源均保存在MITRE公司的相关网站