Comment 1 for bug 13803

Debian Bug Importer (debzilla) wrote :

Message-Id: <20050311092325.38EB7B72BC@anton>
Date: Fri, 11 Mar 2005 10:23:25 +0100
From: Moritz Muehlenhoff <email address hidden>
To: Debian Bug Tracking System <email address hidden>
Subject: Mysql insecure temporary file creation with CREATE TEMPORARY TABLE privilege
 escalation

Package: mysql-dfsg
Version: unavailable; reported 2005-03-11
Severity: grave
Tags: security

Stefano Di Paola discovered that MySQL is vulnerable to a symlink attack
if an authenticated user has CREATE TEMPORARY TABLE privileges on any
existent database.

There does not seem to be a CVE assignment yet.
The full advisory can be found at:
http://archives.neohapsis.com/archives/vulnwatch/2005-q1/0082.html

The advisory claims that MySQL has released a fix, and new upstream
releases (4.0.24 and 4.1.10a), which haven't appeared on mysql.com
yet.

Cheers,
         Moritz

-- System Information:
Debian Release: 3.0
Architecture: i386
Kernel: Linux anton 2.4.29-univention.1 #1 SMP Thu Jan 27 17:08:46 CET 2005 i686
Locale: LANG=de_DE@euro, LC_CTYPE=de_DE@euro