CVE-2005-0004
CVSS4.6
发布时间 :2005-04-14 00:00:00
修订时间 :2016-10-17 23:07:25
NMCOPS    

[原文]The mysqlaccess script in MySQL 4.0.23 and earlier, 4.1.x before 4.1.10, 5.0.x before 5.0.3, and other versions including 3.x, allows local users to overwrite arbitrary files or read temporary files via a symlink attack on temporary files.


[CNNVD]MySQL Database MySQLAccess本地不安全临时文件漏洞(CNNVD-200504-042)

        MySQL是一个小型关系型数据库管理系统,开发者为瑞典MySQLAB公司,在2008年1月16号被Sun公司收购。MySQL被广泛地应用在 Internet上的中小型网站中。由于其体积小、速度快、总体拥有成本低,尤其是开放源码这一特点,许多中小型网站为了降低网站总体拥有成本而选择了 MySQL作为网站数据库。
        MySQL 4.0.23及之前版本、4.1.x的4.1.10之前版本、5.0.x的5.0.3之前版本以及其他版本含3.x版中的mysqlaccess脚本使得本地用户可以通过对临时文件发起symlink攻击来重写任意文件或读取临时文件。

- CVSS (基础分值)

CVSS分值: 4.6 [中等(MEDIUM)]
机密性影响: PARTIAL [很可能造成信息泄露]
完整性影响: PARTIAL [可能会导致系统文件被修改]
可用性影响: PARTIAL [可能会导致性能下降或中断资源访问]
攻击复杂度: LOW [漏洞利用没有访问限制 ]
攻击向量: LOCAL [漏洞利用需要具有物理访问权限或本地帐户]
身份认证: NONE [漏洞利用无需身份认证]

- CPE (受影响的平台与产品)

cpe:/o:debian:debian_linux:3.0::ia-32
cpe:/a:mysql:mysql:4.1.2:alphaMySQL MySQL 4.1.2 alpha
cpe:/a:mysql:mysql:4.1.0:alphaMySQL MySQL 4.1.0 alpha
cpe:/o:debian:debian_linux:3.0::ppc
cpe:/a:mysql:mysql:4.1.3:betaMySQL MySQL 4.1.3 beta
cpe:/o:debian:debian_linux:3.0::hppa
cpe:/a:mysql:mysql:4.0.21MySQL MySQL 4.0.21
cpe:/a:mysql:mysql:4.0.7:gammaMySQL MySQL 4.0.7 gamma
cpe:/a:mysql:mysql:4.0.20MySQL MySQL 4.0.20
cpe:/o:debian:debian_linux:3.0::m68k
cpe:/o:redhat:linux:9.0::i386
cpe:/o:redhat:linux:7.3::i386
cpe:/a:mysql:mysql:4.0.15MySQL MySQL 4.0.15
cpe:/o:debian:debian_linux:3.0::sparc
cpe:/a:mysql:mysql:4.0.18MySQL MySQL 4.0.18
cpe:/o:debian:debian_linux:3.0::s-390
cpe:/a:mysql:mysql:4.0.5MySQL MySQL 4.0.5
cpe:/a:mysql:mysql:4.1.4MySQL MySQL 4.1.4
cpe:/a:mysql:mysql:4.0.4MySQL MySQL 4.0.4
cpe:/a:mysql:mysql:4.0.5aMySQL MySQL 4.0.5a
cpe:/a:mysql:mysql:4.1.3MySQL MySQL 4.1.3
cpe:/a:mysql:mysql:4.0.7MySQL MySQL 4.0.7
cpe:/a:mysql:mysql:4.0.6MySQL MySQL 4.0.6
cpe:/a:mysql:mysql:4.1.5MySQL MySQL 4.1.5
cpe:/a:mysql:mysql:4.0.1MySQL MySQL 4.0.1
cpe:/a:mysql:mysql:4.0.0MySQL MySQL 4.0.0
cpe:/o:gentoo:linuxGentoo Linux
cpe:/a:mysql:mysql:4.0.3MySQL MySQL 4.0.3
cpe:/a:mysql:mysql:4.0.2MySQL MySQL 4.0.2
cpe:/o:debian:debian_linux:3.0::arm
cpe:/a:mysql:mysql:4.0.12MySQL MySQL 4.0.12
cpe:/o:debian:debian_linux:3.0::mipsel
cpe:/a:mysql:mysql:4.0.11MySQL MySQL 4.0.11
cpe:/a:mysql:mysql:4.0.14MySQL MySQL 4.0.14
cpe:/a:mysql:mysql:4.0.13MySQL MySQL 4.0.13
cpe:/o:debian:debian_linux:3.0::ia-64
cpe:/o:debian:debian_linux:3.0::mips
cpe:/o:debian:debian_linux:3.0::alpha
cpe:/a:mysql:mysql:4.0.10MySQL MySQL 4.0.10
cpe:/a:mysql:mysql:4.0.9:gammaMySQL MySQL 4.0.9 gamma
cpe:/a:mysql:mysql:4.0.11:gammaMySQL MySQL 4.0.11 gamma
cpe:/a:mysql:mysql:4.0.8:gammaMySQL MySQL 4.0.8 gamma
cpe:/o:redhat:fedora_core:core_1.0
cpe:/a:mysql:mysql:4.0.9MySQL MySQL 4.0.9
cpe:/a:mysql:mysql:4.0.8MySQL MySQL 4.0.8
cpe:/a:mysql:mysql:4.1.0.0MySQL MySQL 4.1.0.0

- OVAL (用于检测的技术细节)

未找到相关OVAL定义

- 官方数据库链接

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0004
(官方数据源) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-0004
(官方数据源) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200504-042
(官方数据源) CNNVD

- 其它链接及资源

http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000947
(UNKNOWN)  CONECTIVA  CLA-2005:947
http://lists.mysql.com/internals/20600
(UNKNOWN)  CONFIRM  http://lists.mysql.com/internals/20600
http://marc.info/?l=bugtraq&m=110608297217224&w=2
(UNKNOWN)  BUGTRAQ  20050118 [USN-63-1] MySQL client vulnerability
http://mysql.osuosl.org/doc/mysql/en/News-4.1.10.html
(UNKNOWN)  CONFIRM  http://mysql.osuosl.org/doc/mysql/en/News-4.1.10.html
http://sunsolve.sun.com/search/document.do?assetkey=1-26-101864-1
(UNKNOWN)  SUNALERT  101864
http://www.debian.org/security/2005/dsa-647
(VENDOR_ADVISORY)  DEBIAN  DSA-647
http://www.mandriva.com/security/advisories?name=MDKSA-2005:036
(UNKNOWN)  MANDRAKE  MDKSA-2005:036
http://www.securityfocus.com/bid/12277
(VENDOR_ADVISORY)  BID  12277
http://xforce.iss.net/xforce/xfdb/18922
(UNKNOWN)  XF  mysql-mysqlaccess-symlink(18922)

- 漏洞信息

MySQL Database MySQLAccess本地不安全临时文件漏洞
中危 设计错误
2005-04-14 00:00:00 2006-03-28 00:00:00
本地  
        MySQL是一个小型关系型数据库管理系统,开发者为瑞典MySQLAB公司,在2008年1月16号被Sun公司收购。MySQL被广泛地应用在 Internet上的中小型网站中。由于其体积小、速度快、总体拥有成本低,尤其是开放源码这一特点,许多中小型网站为了降低网站总体拥有成本而选择了 MySQL作为网站数据库。
        MySQL 4.0.23及之前版本、4.1.x的4.1.10之前版本、5.0.x的5.0.3之前版本以及其他版本含3.x版中的mysqlaccess脚本使得本地用户可以通过对临时文件发起symlink攻击来重写任意文件或读取临时文件。

- 公告与补丁

        目前厂商已经发布了升级补丁以修复这个安全问题,补丁下载链接:
        Sun Solaris 10.0_x86
        Sun 120292-01
        http://sunsolve.sun.com/search/document.do?assetkey=1-21-120292-01-1
        Sun 120293-01
        http://sunsolve.sun.com/search/document.do?assetkey=1-21-120293-01-1
        Sun Solaris 10
        Sun 120292-01
        http://sunsolve.sun.com/search/document.do?assetkey=1-21-120292-01-1
        Sun 120293-01
        http://sunsolve.sun.com/search/document.do?assetkey=1-21-120293-01-1
        MySQL AB MySQL 4.0.15
        Conectiva libmysqlclient-devel-4.0.15-62448U10_3cl.i386.rpm
        ftp://atualizacoes.conectiva.com.br/10/RPMS/libmysqlclient-devel-4.0.1 5-62448U10_3cl.i386.rpm
        Conectiva libmysqlclient-devel-static-4.0.15-62448U10_3cl.i386.rpm
        ftp://atualizacoes.conectiva.com.br/10/RPMS/libmysqlclient-devel-stati c-4.0.15-62448U10_3cl.i386.rpm
        Conectiva libmysqlclient12-4.0.15-62448U10_3cl.i386.rpm
        ftp://atualizacoes.conectiva.com.br/10/RPMS/libmysqlclient12-4.0.15-62 448U10_3cl.i386.rpm
        Conectiva mysql-4.0.15-62448U10_3cl.i386.rpm
        ftp://atualizacoes.conectiva.com.br/10/RPMS/mysql-4.0.15-62448U10_3cl. i386.rpm
        Conectiva mysql-bench-4.0.15-62448U10_3cl.i386.rpm
        ftp://atualizacoes.conectiva.com.br/10/RPMS/mysql-bench-4.0.15-62448U1 0_3cl.i386.rpm
        Conectiva mysql-client-4.0.15-62448U10_3cl.i386.rpm
        ftp://atualizacoes.conectiva.com.br/10/RPMS/mysql-client-4.0.15-62448U 10_3cl.i386.rpm
        Conectiva mysql-doc-4.0.15-62448U10_3cl.i386.rpm
        ftp://atualizacoes.conectiva.com.br/10/RPMS/mysql-doc-4.0.15-62448U10_ 3cl.i386.rpm
        MySQL AB MySQL 4.0.18
        Mandrake lib64mysql12-4.0.18-1.3.100mdk.amd64.rpm
        Mandrake Linux 10.0/AMD64
        http://www.mandrakesecure.net/en/ftp.php
        Mandrake lib64mysql12-4.0.18-1.3.C30mdk.x86_64.rpm
        Mandrake Corporate Server 3.0/x86_64
        http://www.mandrakesecure.net/en/ftp.php
        Mandrake lib64mysql12-devel-4.0.18-1.3.100mdk.amd64.rpm
        Mandrake Linux 10.0/AMD64
        http://www.mandrakesecure.net/en/ftp.php
        Mandrake lib64mysql12-devel-4.0.18-1.3.C30mdk.x86_64.rpm
        Mandrake Corporate Server 3.0/x86_64
        http://www.mandrakesecure.net/en/ftp.php
        Mandrake libmysql12-4.0.18-1.3.100mdk.i586.rpm
        Mandrake Linux 10.0
        http://www.mandrakesecure.net/en/ftp.php
        Mandrake libmysql12-4.0.18-1.3.C30mdk.i586.rpm
        Mandrake Corporate Server 3.0
        http://www.mandrakesecure.net/en/ftp.php
        Mandrake libmysql12-devel-4.0.18-1.3.100mdk.i586.rpm
        Mandrake Linux 10.0
        http://www.mandrakesecure.net/en/ftp.php
        Mandrake libmysql12-devel-4.0.18-1.3.C30mdk.i586.rpm
        Mandrake Corporate Server 3.0
        http://www.mandrakesecure.net/en/ftp.php
        Mandrake MySQL-4.0.18-1.3.100mdk.amd64.rpm
        Mandrake Linux 10.0/AMD64
        http://www.mandrakesecure.net/en/ftp.php
        Mandrake MySQL-4.0.18-1.3.100mdk.i586.rpm
        Mandrake Linux 10.0
        http://www.mandrakesecure.net/en/ftp.php
        Mandrake MySQL-4.0.18-1.3.C30mdk.i586.rpm
        Mandrake Corporate Server 3.0
        http://www.mandrakesecure.net/en/ftp.php
        Mandrake MySQL-4.0.18-1.3.C30mdk.x86_64.rpm
        Mandrake Corporate Server 3.0/x86_64
        http://www.mandrakesecure.net/en/ftp.php
        Mandrake MySQL-bench-4.0.18-1.3.100mdk.amd64.rpm
        Mandrake Linux 10.0/AMD64
        http://www.mandrakesecure.net/en/ftp.php
        Mandrake MySQL-bench-4.0.18-1.3.100mdk.i586.rpm
        Mandrake Linux 10.0
        http://www.mandrakesecure.net/en/ftp.php
        Mandrake MySQL-bench-4.0.18-1.3.C30mdk.i586.rpm
        Mandrake Corporate Server 3.0
        http://www.mandrakesecure.net/en/ftp.php
        Mandrake MySQL-bench-4.0.18-1.3.C30mdk.x86_64.rpm
        Mandrake Corporate Server 3.0/x86_64
        http://www.mandrakesecure.net/en/ftp.php
        Mandrake MySQL-client-4.0.18-1.3.100mdk.amd64.rpm
        Mandrake Linux 10.0/AMD64
        http://www.mandrakesecure.net/en/ftp.php
        Mandrake MySQL-client-4.0.18-1.3.100mdk.i586.rpm
        Mandrake Linux 10.0
        http://www.mandrakesecure.net/en/ftp.php
        Mandrake MySQL-client-4.0.18-1.3.C30mdk.i586.rpm
        Mandrake Corporate Server 3.0
        http://www.mandrakesecure.net/en/ftp.php
        Mandrake MySQL-client-4.0.18-1.3.C30mdk.x86_64.rpm
        Mandrake Corporate Server 3.0/x86_64
        http://www.mandrakesecure.net/en/ftp.php
        Mandrake MySQL-common-4.0.18-1.3.100mdk.amd64.rpm
        Mandrake Linux 10.0/AMD64
        http://www.mandrakesecure.net/en/ftp.php
        Mandrake MySQL-common-4.0.18-1.3.100mdk.i586.rpm
        Mandrake Linux 10.0
        http://www.mandrakesecure.net/en/ftp.php
        Mandrake MySQL-common-4.0.18-1.3.C30mdk.i586.rpm
        Mandrake Corporate Server 3.0
        http://www.mandrakesecure.net/en/ftp.php
        Mandrake MySQL-common-4.0.18-1.3.C30mdk.x86_64.rpm
        Mandrake Corporate Server 3.0/x86_64
        http://www.mandrakesecure.net/en/ftp.php
        Mandrake MySQL-Max-4.0.18-1.3.100mdk.amd64.rpm
        Mandrake Linux 10.0/AMD64
        http://www.mandrakesecure.net/en/ftp.php
        Mandrake MySQL-Max-4.0.18-1.3.100mdk.i586.rpm
        Mandrake Linux 10.0
        http://www.mandrakesecure.net/en/ftp.php
        Mandrake MySQL-Max-4.0.18-1.3.C30mdk.i586.rpm
        Mandrake Corporate Server 3.0
        http://www.mandrakesecure.net/en/ftp.php
        Mandrake MySQL-Max-4.0.18-1.3.C30mdk.x86_64.rpm
        Mandrake Corporate Server 3.0/x86_64
        http://www.mandrakesecure.net/en/ftp.php
        MySQL AB MySQL 4.0.20
        Mandrake lib64mysql12-4.0.20-3.2.101mdk.x86_64.rpm
        Mandrake Linux 10.1/x86_64
        http://www.mandrakesecure.net/en/ftp.php
        Mandrake lib64mysql12-devel-4.0.20-3.2.101mdk.x86_64.rpm
        Mandrake Linux 10.1/x86_64
        http://www.mandrakesecure.net/en/ftp.php
        Mandrake libmysql12-4.0.20-3.2.101mdk.i586.rpm
        Mandrake Linux 10.1
        http://www.mandrakesecure.net/en/ftp.php
        Mandrake libmysql12-devel-4.0.20-3.2.101mdk.i586.rpm
        Mandrake Linux 10.1
        http://www.mandrakesecure.net/en/ftp.php
        Mandrake MySQL-4.0.20-3.2.101mdk.i586.rpm
        Mandrake Linux 10.1
        http://www.mandrakesecure.net/en/ftp.php
        Mandrake MySQL-4.0.20-3.2.101mdk.x86_64.rpm
        Mandrake Linux 10.1/x86_64
        http://www.mandrakesecure.net/en/ftp.php
        Mandrake MySQL-bench-4.0.20-3.2.101mdk.i586.rpm
        Mandrake Linux 10.1
        http://www.mandrakesecure.net/en/ftp.php
        Mandrake MySQL-bench-4.0.20-3.2.101mdk.x86_64.rpm
        Mandrake Linux 10.1/x86_64
        http://www.mandrakesecure.net/en/ftp.php
        Mandrake MySQL-client-4.0.20-3.2.101mdk.i586.rpm
        Mandrake Linux 10.1
        http://www.mandrakesecure.net/en/ftp.php
        Mandrake MySQL-client-4.0.20-3.2.101mdk.x86_64.rpm
        Mandrake Linux 10.1/x86_64
        http://www.mandrakesecure.net/en/ftp.php
        Mandrake MySQL-common-4.0.20-3.2.101mdk.i586.rpm
        Mandrake Linux 10.1
        http://www.mandrakesecure.net/en/ftp.php
        Mandrake MySQL-common-4.0.20-3.2.101mdk.x86_64.rpm
        Mandrake Linux 10.1/x86_64
        http://www.mandrakesecure.net/en/ftp.php
        Mandrake MySQL-Max-4.0.20-3.2.101mdk.i586.rpm
        Mandrake Linux 10.1
        http://www.mandrakesecure.net/en/ftp.php
        Mandrake MySQL-Max-4.0.20-3.2.101mdk.x86_64.rpm
        Mandrake Linux 10.1/x86_64
        http://www.mandrakesecure.net/en/ftp.php
        Ubuntu libmysqlclient-dev_4.0.20-2ubuntu1.2_amd64.deb
        Ubuntu 4.10 (Warty Warthog)
        http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg/libmysqlclien t-dev_4.0.20-2ubuntu1.2_amd64.deb
        Ubuntu libmysqlclient-dev_4.0.20-2ubuntu1.2_i386.deb
        Ubuntu 4.10 (Warty Warthog)
        http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg/libmysqlclien t-dev_4.0.20-2ubuntu1.2_i386.deb
        Ubuntu libmysqlclient-dev_4.0.20-2ubuntu1.2_powerpc.deb
        Ubuntu 4.10 (Warty Warthog)
        http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg/libmysqlclien t-dev_4.0.20-2ubuntu1.2_powerpc.deb
        Ubuntu libmysqlclient12_4.0.20-2ubuntu1.2_amd64.deb
        Ubuntu 4.10 (Warty Warthog)
        http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg/libmysqlclien t12_4.0.20-2ubuntu1.2_amd64.deb
        Ubuntu libmysqlclient12_4.0.20-2ubuntu1.2_i386.deb
        Ubuntu 4.10 (Warty Warthog)
        http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg/libmysqlclien t12_4.0.20-2ubuntu1.2_i386.deb
        Ubuntu libmysqlclient12_4.0.20-2ubuntu1.2_powerpc.deb
        Ubuntu 4.10 (Warty Warthog)
        http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg/libmysqlclien t12_4.0.20-2ubuntu1.2_powerpc.deb
        Ubuntu mysql-client_4.0.20-2ubuntu1.2_amd64.deb
        Ubuntu 4.10 (Warty Warthog)
        http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg/mysql-client_ 4.0.20-2ubuntu1.2_amd64.deb
        Ubuntu mysql-client_4.0.20-2ubuntu1.2_i386.deb
        Ubuntu 4.10 (Warty Warthog)
        http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg/mysql-client_ 4.0.20-2ubuntu1.2_i386.deb
        Ubuntu mysql-client_4.0.20-2ubuntu1.2_powerpc.deb
        Ubuntu 4.10 (Warty Warthog)
        http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg/mysql-client_ 4.0.20-2ubuntu1.2_powerpc.deb
        Ubuntu mysql-common_4.0.20-2ubuntu1.2_all.deb
        Ubuntu 4.10 (Warty Warthog)
        http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg/mysql-common_ 4.0.20-2ubuntu1.2_all.deb
        Ubuntu mys

- 漏洞信息 (F35816)

dsa-647.txt (PacketStormID:F35816)
2005-01-22 00:00:00
 
advisory,arbitrary,root
linux,debian
CVE-2005-0004
[点击下载]

Debian Security Advisory 647-1 - Javier Fernandez-Sanguino Pena from the Debian Security Audit Project discoverd a temporary file vulnerability in the mysqlaccess script of MySQL that could allow an unprivileged user to let root overwrite arbitrary files via a symlink attack and could also could unveil the contents of a temporary file which might contain sensitive information.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 647-1                     security@debian.org
http://www.debian.org/security/                             Martin Schulze
January 19th, 2005                      http://www.debian.org/security/faq
- --------------------------------------------------------------------------

Package        : mysql
Vulnerability  : insecure temporary files
Problem-Type   : local
Debian-specific: no
CVE ID         : CAN-2005-0004

Javier Fernandez-Sanguino Pena from the Debian Security Audit Project
discoverd a temporary file vulnerability in the mysqlaccess script of
MySQL that could allow an unprivileged user to let root overwrite
arbitrary files via a symlink attack and could also could unveil the
contents of a temporary file which might contain sensitive
information.

For the stable distribution (woody) this problem has been fixed in
version 3.23.49-8.9.

For the unstable distribution (sid) this problem has been fixed in
version 4.0.23-3 of mysql-dfsg and in version 4.1.8a-6 of
mysql-dfsg-4.1.

We recommend that you upgrade your mysql packages.


Upgrade Instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 3.0 alias woody
- --------------------------------

  Source archives:

    http://security.debian.org/pool/updates/main/m/mysql/mysql_3.23.49-8.9.dsc
      Size/MD5 checksum:      875 943c6c647b130518c2a6c96bcb9c4031
    http://security.debian.org/pool/updates/main/m/mysql/mysql_3.23.49-8.9.diff.gz
      Size/MD5 checksum:    68320 7c46ef730e9c81c554b6d511481c02b7
    http://security.debian.org/pool/updates/main/m/mysql/mysql_3.23.49.orig.tar.gz
      Size/MD5 checksum: 11861035 a2820d81997779a9fdf1f4b3c321564a

  Architecture independent components:

    http://security.debian.org/pool/updates/main/m/mysql/mysql-common_3.23.49-8.9_all.deb
      Size/MD5 checksum:    17484 9c6cf59a839d3fc25a74f164358008e2
    http://security.debian.org/pool/updates/main/m/mysql/mysql-doc_3.23.49-8.5_all.deb
      Size/MD5 checksum:  1962992 a4cacebaadf9d5988da0ed1a336b48e6

  Alpha architecture:

    http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10_3.23.49-8.9_alpha.deb
      Size/MD5 checksum:   278304 345708861734203ea2b8539c08a522a5
    http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10-dev_3.23.49-8.9_alpha.deb
      Size/MD5 checksum:   779380 fa6bc20e561e5022eedc5dcd69715a27
    http://security.debian.org/pool/updates/main/m/mysql/mysql-client_3.23.49-8.9_alpha.deb
      Size/MD5 checksum:   164116 f71397420366e10b5baf839658611271
    http://security.debian.org/pool/updates/main/m/mysql/mysql-server_3.23.49-8.9_alpha.deb
      Size/MD5 checksum:  3635240 09c8c082c5bb1a5aec7fc55bebc0bcd6

  ARM architecture:

    http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10_3.23.49-8.9_arm.deb
      Size/MD5 checksum:   238910 874cde30bec50e22aec0d66b163b5d60
    http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10-dev_3.23.49-8.9_arm.deb
      Size/MD5 checksum:   635228 2cde5c1d7b306ad42b57a0cf26980546
    http://security.debian.org/pool/updates/main/m/mysql/mysql-client_3.23.49-8.9_arm.deb
      Size/MD5 checksum:   124520 4a625fd5ba3b3f28cc13ebf65c2a1afb
    http://security.debian.org/pool/updates/main/m/mysql/mysql-server_3.23.49-8.9_arm.deb
      Size/MD5 checksum:  2806914 3d001b9b0c0cb886e145d0bd39af870f

  Intel IA-32 architecture:

    http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10_3.23.49-8.9_i386.deb
      Size/MD5 checksum:   235264 44202de31efe2267b50a0e24fb8ee3fd
    http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10-dev_3.23.49-8.9_i386.deb
      Size/MD5 checksum:   577118 081914b6293637cedc177b4c10671796
    http://security.debian.org/pool/updates/main/m/mysql/mysql-client_3.23.49-8.9_i386.deb
      Size/MD5 checksum:   123080 0d35e7a8bd5f5ae806c55a2a12aa6ac1
    http://security.debian.org/pool/updates/main/m/mysql/mysql-server_3.23.49-8.9_i386.deb
      Size/MD5 checksum:  2800998 e2af0992c6a9921dfc864e75c1495258

  Intel IA-64 architecture:

    http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10_3.23.49-8.9_ia64.deb
      Size/MD5 checksum:   315628 29091ddf30d6c12f777f53cec06b740b
    http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10-dev_3.23.49-8.9_ia64.deb
      Size/MD5 checksum:   849066 aa2f4e5c92fc2779c3072c85d68ffb5f
    http://security.debian.org/pool/updates/main/m/mysql/mysql-client_3.23.49-8.9_ia64.deb
      Size/MD5 checksum:   174356 b4e35c1cbe4726f3abdeb5b159027c29
    http://security.debian.org/pool/updates/main/m/mysql/mysql-server_3.23.49-8.9_ia64.deb
      Size/MD5 checksum:  4000374 bc43f76d2bde3d546f4d0c3a5066a641

  HP Precision architecture:

    http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10_3.23.49-8.9_hppa.deb
      Size/MD5 checksum:   281234 342cd7fccbb64631bf655cb7952e90c1
    http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10-dev_3.23.49-8.9_hppa.deb
      Size/MD5 checksum:   744302 546d8e2ba4c48c8936be30396dbedab2
    http://security.debian.org/pool/updates/main/m/mysql/mysql-client_3.23.49-8.9_hppa.deb
      Size/MD5 checksum:   141156 0b4874c0a5e0961dc6027ed24bd2a6f9
    http://security.debian.org/pool/updates/main/m/mysql/mysql-server_3.23.49-8.9_hppa.deb
      Size/MD5 checksum:  3515058 335d0afef63d0abc18e20ad760bd70b1

  Motorola 680x0 architecture:

    http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10_3.23.49-8.9_m68k.deb
      Size/MD5 checksum:   228298 ace3b33157e09b2b78e23bd945cc56a5
    http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10-dev_3.23.49-8.9_m68k.deb
      Size/MD5 checksum:   558298 b8c4e5656cc5a4208875740ed1b17aa9
    http://security.debian.org/pool/updates/main/m/mysql/mysql-client_3.23.49-8.9_m68k.deb
      Size/MD5 checksum:   118952 ce85668f7070bcd748aad870c72aa150
    http://security.debian.org/pool/updates/main/m/mysql/mysql-server_3.23.49-8.9_m68k.deb
      Size/MD5 checksum:  2647058 02d740546dc1690a604225d5e37cc99b

  Big endian MIPS architecture:

    http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10_3.23.49-8.9_mips.deb
      Size/MD5 checksum:   251516 9f7505c8797f0f36272449ea8b416ce6
    http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10-dev_3.23.49-8.9_mips.deb
      Size/MD5 checksum:   689502 3bd49b0204f94da6a254dee9f0dfd778
    http://security.debian.org/pool/updates/main/m/mysql/mysql-client_3.23.49-8.9_mips.deb
      Size/MD5 checksum:   134466 4dd241930eaec445b5ef90aa68f7d4ab
    http://security.debian.org/pool/updates/main/m/mysql/mysql-server_3.23.49-8.9_mips.deb
      Size/MD5 checksum:  2848984 c5b09b6786844a747c8b8cef395dfac4

  Little endian MIPS architecture:

    http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10_3.23.49-8.9_mipsel.deb
      Size/MD5 checksum:   251192 73d7c69f49a13e8e3592310c2bc675e0
    http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10-dev_3.23.49-8.9_mipsel.deb
      Size/MD5 checksum:   689122 f13325c3394b0385c76d289d886f165f
    http://security.debian.org/pool/updates/main/m/mysql/mysql-client_3.23.49-8.9_mipsel.deb
      Size/MD5 checksum:   134828 6d0e79f252d1cd3048ce3367aa200636
    http://security.debian.org/pool/updates/main/m/mysql/mysql-server_3.23.49-8.9_mipsel.deb
      Size/MD5 checksum:  2839732 499551d692fc5d80fd16c43e83e19201

  PowerPC architecture:

    http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10_3.23.49-8.9_powerpc.deb
      Size/MD5 checksum:   248344 d2fbd5ac1b1ce08963b38c276297f8fb
    http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10-dev_3.23.49-8.9_powerpc.deb
      Size/MD5 checksum:   653252 eefbee85063e49943d26b4e4f278343a
    http://security.debian.org/pool/updates/main/m/mysql/mysql-client_3.23.49-8.9_powerpc.deb
      Size/MD5 checksum:   130004 33fb65f2e7d3e0b3681dc2ab8dc72762
    http://security.debian.org/pool/updates/main/m/mysql/mysql-server_3.23.49-8.9_powerpc.deb
      Size/MD5 checksum:  2823828 29fa73043be8ec6caa52c65719fd9fc0

  IBM S/390 architecture:

    http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10_3.23.49-8.9_s390.deb
      Size/MD5 checksum:   250630 e37efa3ab7dc647355c3525940f1e580
    http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10-dev_3.23.49-8.9_s390.deb
      Size/MD5 checksum:   607800 31a8eb384c66765e82f8330e20e9abb8
    http://security.debian.org/pool/updates/main/m/mysql/mysql-client_3.23.49-8.9_s390.deb
      Size/MD5 checksum:   126984 cc938da5903e7d7f22da55c88bdaa552
    http://security.debian.org/pool/updates/main/m/mysql/mysql-server_3.23.49-8.9_s390.deb
      Size/MD5 checksum:  2691598 e944a61e4f832a410ef48a6ef1fafa36

  Sun Sparc architecture:

    http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10_3.23.49-8.9_sparc.deb
      Size/MD5 checksum:   241812 f2996905943eaa9e4a04c842623cb4ce
    http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10-dev_3.23.49-8.9_sparc.deb
      Size/MD5 checksum:   616256 251bda8bfc97c7d216faa1e0e174d4b6
    http://security.debian.org/pool/updates/main/m/mysql/mysql-client_3.23.49-8.9_sparc.deb
      Size/MD5 checksum:   130942 372c0534b98507f3ecdcb3944c2f8a92
    http://security.debian.org/pool/updates/main/m/mysql/mysql-server_3.23.49-8.9_sparc.deb
      Size/MD5 checksum:  2940408 38cd0279c75c8968a50b2742e810f484


  These files will probably be moved into the stable distribution on
  its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (GNU/Linux)

iD8DBQFB7kiVW5ql+IAeqTIRAg/BAJsF1DCuuXP8Wk6lnip//ASMZ5EK2wCfSX8E
wnnfVXxjBAgUf/iOH0byV30=
=CN3K
-----END PGP SIGNATURE-----

    

- 漏洞信息

13013
MySQL mysqlaccess.sh Symlink Arbitrary File Manipulation
Local Access Required Input Manipulation, Race Condition
Loss of Integrity Upgrade
Exploit Unknown Vendor Verified

- 漏洞描述

- 时间线

2005-01-17 Unknow
Unknow Unknow

- 解决方案

Upgrade to version 4.1.10 or 5.0.3 or higher, as they have been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

- 相关参考

- 漏洞作者

Unknown or Incomplete

- 漏洞信息

MySQL Database MySQLAccess Local Insecure Temporary File Creation Vulnerability
Design Error 12277
No Yes
2005-01-17 12:00:00 2009-07-12 10:06:00
Javier Fernández-Sanguino Peña is credited with the discovery of this issue.

- 受影响的程序版本

Sun Solaris 10.0_x86
Sun Solaris 10
RedHat Linux 9.0 i386
RedHat Linux 7.3 i386
Red Hat Fedora Core1
MySQL AB MySQL 4.1.5
MySQL AB MySQL 4.1.4
MySQL AB MySQL 4.1.3 -beta
MySQL AB MySQL 4.1.3 -beta
MySQL AB MySQL 4.1.3 -0
MySQL AB MySQL 4.1.2 -alpha
MySQL AB MySQL 4.0.21
MySQL AB MySQL 4.0.20
+ Mandriva Linux Mandrake 10.1 x86_64
+ Mandriva Linux Mandrake 10.1
+ Ubuntu Ubuntu Linux 4.1 ppc
+ Ubuntu Ubuntu Linux 4.1 ia64
+ Ubuntu Ubuntu Linux 4.1 ia32
MySQL AB MySQL 4.0.18
+ MandrakeSoft Corporate Server 3.0 x86_64
+ MandrakeSoft Corporate Server 3.0
+ Mandriva Linux Mandrake 10.0 AMD64
+ Mandriva Linux Mandrake 10.0
MySQL AB MySQL 4.0.15
+ Conectiva Linux 10.0
+ Mandriva Linux Mandrake 9.2 amd64
+ Mandriva Linux Mandrake 9.2
+ OpenPKG OpenPKG Current
MySQL AB MySQL 4.0.14
+ OpenPKG OpenPKG 1.3
+ OpenPKG OpenPKG Current
+ Trustix Secure Linux 2.0
MySQL AB MySQL 4.0.13
MySQL AB MySQL 4.0.12
MySQL AB MySQL 4.0.11 -gamma
MySQL AB MySQL 4.0.11
+ Mandriva Linux Mandrake 9.1 ppc
+ Mandriva Linux Mandrake 9.1
MySQL AB MySQL 4.0.10
MySQL AB MySQL 4.0.9 -gamma
MySQL AB MySQL 4.0.9
MySQL AB MySQL 4.0.8 -gamma
MySQL AB MySQL 4.0.8
MySQL AB MySQL 4.0.7 -gamma
MySQL AB MySQL 4.0.7
MySQL AB MySQL 4.0.6
MySQL AB MySQL 4.0.5 a
MySQL AB MySQL 4.0.5
MySQL AB MySQL 4.0.4
MySQL AB MySQL 4.0.3
MySQL AB MySQL 4.0.2
MySQL AB MySQL 4.0.1
MySQL AB MySQL 4.0 .0
MySQL AB MySQL 4.1.0.0-alpha
MySQL AB MySQL 4.1.0-0
Gentoo Linux
Debian Linux 3.0 sparc
Debian Linux 3.0 s/390
Debian Linux 3.0 ppc
Debian Linux 3.0 mipsel
Debian Linux 3.0 mips
Debian Linux 3.0 m68k
Debian Linux 3.0 ia-64
Debian Linux 3.0 ia-32
Debian Linux 3.0 hppa
Debian Linux 3.0 arm
Debian Linux 3.0 alpha

- 漏洞讨论

A local insecure temporary file creation vulnerability affects the MySQL Database. This issue is due to a failure of a script bundled with the application to securely create temporary files in globally accessible locations.

An attacker may leverage this issue to corrupt arbitrary files with the privileges of the user that activates the vulnerable script.

- 漏洞利用

No exploit is required to leverage this issue.

- 解决方案

Ubuntu has released advisory USN-63-1 to address this issue. Please see the referenced advisory for more information.

Debian has released an additional security advisory (DSA 647-1) and fixes to address this vulnerability. Customers are advised to see the referenced advisory for further details regarding obtaining and applying appropriate updates.

Gentoo Linux has released advisory GLSA 200501-33 to address this issue. Users of affected packages are urged to execute the following commands with superuser privileges:
emerge --sync
emerge --ask --oneshot --verbose ">=dev-db/mysql-4.0.22-r2"
Please see the referenced advisory for further information.

Mandrake has released advisory MDKSA-2005:036 to address this vulnerability. Please see the attached advisory for details on obtaining and applying fixes.

A Fedora Legacy advisory FLSA:2129 is available to address this issue in Red Hat Linux 7.3, Red Hat Linux 9, and Fedora Core 1 for the i386 architecture. Please see the referenced advisory for more information.

Conectiva Linux has released advisory CLA-2005:947 along with fixes dealing with this issue. Please see the referenced advisory for more information.

OpenPKG has released advisory OpenPKG-SA-2005.006 and fixes for this issue. Please see the referenced advisory for information on obtaining the fixed packages.

Sun has released a security advisory (Sun Alert ID: 101864) addressing this and other issues in MySQL for Solaris 10. Please see the referenced advisory for further information.


Sun Solaris 10.0_x86

Sun Solaris 10

MySQL AB MySQL 4.0.15

MySQL AB MySQL 4.0.18

MySQL AB MySQL 4.0.20

MySQL AB MySQL 4.0.21

- 相关参考

 

 

关于SCAP中文社区

SCAP中文社区是国内第一个以SCAP为主题的中文开放社区。了解更多信息,请查阅[关于本站]

版权声明

CVE/CWE/OVAL均为MITRE公司的注册商标,它们的官方数据源均保存在MITRE公司的相关网站