Mysql insecure temporary file creation with CREATE TEMPORARY TABLE privilege escalation
Bug #13803 reported by
Debian Bug Importer
This bug report is a duplicate of:
Bug #13818: MySQL Privilege Escalation and Command Execution Vulnerabilities.
Edit
Remove
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
mysql-dfsg (Debian) |
Fix Released
|
Unknown
|
|||
mysql-dfsg (Ubuntu) |
Invalid
|
High
|
Martin Pitt |
Bug Description
Automatically imported from Debian bug report #299029 http://
Changed in mysql-dfsg: | |
status: | Unknown → Fix Released |
To post a comment you must log in.
Message-Id: <20050311092325 .38EB7B72BC@ anton>
Date: Fri, 11 Mar 2005 10:23:25 +0100
From: Moritz Muehlenhoff <email address hidden>
To: Debian Bug Tracking System <email address hidden>
Subject: Mysql insecure temporary file creation with CREATE TEMPORARY TABLE privilege
escalation
Package: mysql-dfsg
Version: unavailable; reported 2005-03-11
Severity: grave
Tags: security
Stefano Di Paola discovered that MySQL is vulnerable to a symlink attack
if an authenticated user has CREATE TEMPORARY TABLE privileges on any
existent database.
There does not seem to be a CVE assignment yet. archives. neohapsis. com/archives/ vulnwatch/ 2005-q1/ 0082.html
The full advisory can be found at:
http://
The advisory claims that MySQL has released a fix, and new upstream
releases (4.0.24 and 4.1.10a), which haven't appeared on mysql.com
yet.
Cheers,
Moritz
-- System Information:
Debian Release: 3.0
Architecture: i386
Kernel: Linux anton 2.4.29-univention.1 #1 SMP Thu Jan 27 17:08:46 CET 2005 i686
Locale: LANG=de_DE@euro, LC_CTYPE=de_DE@euro