MySQL Database MySQLAccess Local Insecure Temporary File Creation Vulnerability
BID:12277
Info
| Bugtraq ID: | 12277 |
| Class: | Design Error |
| CVE: | CVE-2005-0004 |
| Remote: | No |
| Local: | Yes |
| Published: | Jan 17 2005 12:00AM |
| Updated: | Jul 12 2009 10:06AM |
| Credit: | Javier Fernández-Sanguino Peña is credited with the discovery of this issue. |
| Vulnerable: | see the list below |
| Not Vulnerable: | |
Vulnerable:
- Sun Solaris 10.0_x86
- Sun Solaris 10
- Redhat Linux 9.0 i386
- Redhat Linux 7.3 i386
- Redhat Fedora Core1
- MySQL AB MySQL 4.1.5
- MySQL AB MySQL 4.1.4
- MySQL AB MySQL 4.1.3 -beta
- MySQL AB MySQL 4.1.3 -0
- MySQL AB MySQL 4.1.2 -alpha
- MySQL AB MySQL 4.0.21
- MySQL AB MySQL 4.0.20
- MySQL AB MySQL 4.0.18
- MySQL AB MySQL 4.0.15
- MySQL AB MySQL 4.0.14
- MySQL AB MySQL 4.0.13
- MySQL AB MySQL 4.0.12
- MySQL AB MySQL 4.0.11 -gamma
- MySQL AB MySQL 4.0.11
- MySQL AB MySQL 4.0.10
- MySQL AB MySQL 4.0.9 -gamma
- MySQL AB MySQL 4.0.9
- MySQL AB MySQL 4.0.8 -gamma
- MySQL AB MySQL 4.0.8
- MySQL AB MySQL 4.0.7 -gamma
- MySQL AB MySQL 4.0.7
- MySQL AB MySQL 4.0.6
- MySQL AB MySQL 4.0.5 a
- MySQL AB MySQL 4.0.5
- MySQL AB MySQL 4.0.4
- MySQL AB MySQL 4.0.3
- MySQL AB MySQL 4.0.2
- MySQL AB MySQL 4.0.1
- MySQL AB MySQL 4.0.0
- MySQL AB MySQL 4.1.0.0-alpha
- MySQL AB MySQL 4.1.0-0
- Gentoo Linux
- Debian Linux 3.0 sparc
- Debian Linux 3.0 s/390
- Debian Linux 3.0 ppc
- Debian Linux 3.0 mipsel
- Debian Linux 3.0 mips
- Debian Linux 3.0 m68k
- Debian Linux 3.0 ia-64
- Debian Linux 3.0 ia-32
- Debian Linux 3.0 hppa
- Debian Linux 3.0 arm
- Debian Linux 3.0 alpha
Discussion
A local insecure temporary file creation vulnerability affects the MySQL Database. The issue is due to the mysqlaccess script bundled with the application failing to create its temporary files securely: it creates them under predictable names in world-writable directories, without the exclusive-create and permission checks that would prevent another local user from pre-creating or substituting the file.
A local attacker may leverage this issue to corrupt arbitrary files with the privileges of the user that runs the vulnerable script.
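The class of bug described above, contrasted with the fix that vendors apply to scripts of this kind, as an added Python illustration (this is not code from the advisory, from MySQL, or from the mysqlaccess script). Everything below runs inside a throwaway sandbox directory; the file names and contents are constructed for the demonstration. It shows that an open without O_EXCL silently reuses a file another user already placed at the predictable name, whereas an exclusive, no-follow open refuses, and that `tempfile.mkstemp` gives a fresh, unguessable, owner-only (0600) file with no race to win.

```python
"""Insecure vs. secure temporary-file creation (added illustration, not
advisory or project code). All paths are constructed inside a sandbox."""
import os
import stat
import tempfile


def predictable_temp_path(shared_dir: str, prefix: str = "tmp_out") -> str:
    """The kind of name a careless script picks: a guessable name (prefix
    plus pid) in a directory every local user can write to."""
    return os.path.join(shared_dir, f"{prefix}.{os.getpid()}")


def naive_open(path: str):
    """How the vulnerable class of scripts opens its scratch file: plain
    write mode, so an existing file at that name is reused and truncated."""
    return open(path, "w")


def exclusive_open(path: str):
    """Hardened open for a caller-chosen name: create only if the name is
    free (O_EXCL), never follow a symlink at that name (O_NOFOLLOW), and
    start with owner-only permissions."""
    flags = os.O_WRONLY | os.O_CREAT | os.O_EXCL
    flags |= getattr(os, "O_NOFOLLOW", 0)  # absent on some platforms
    fd = os.open(path, flags, 0o600)
    return os.fdopen(fd, "w")


def secure_temp_file(directory: str, prefix: str = "tmp_out"):
    """Preferred fix: let the OS choose an unguessable name and create it
    atomically with O_EXCL and mode 0600 (mkstemp does both)."""
    fd, path = tempfile.mkstemp(prefix=prefix + ".", dir=directory)
    return os.fdopen(fd, "w"), path


def demo(shared_dir: str) -> dict:
    """Run the three strategies against a name that is already taken and
    report what each one did."""
    path = predictable_temp_path(shared_dir)
    # Constructed race condition: someone else already owns that name.
    with open(path, "w") as pre:
        pre.write("placeholder created by another local user\n")

    # 1. Naive open succeeds and writes into the pre-existing file.
    with naive_open(path) as f:
        f.write("script output\n")
    with open(path) as f:
        naive_content = f.read()

    # 2. Exclusive open refuses because the name is occupied.
    try:
        exclusive_open(path).close()
        exclusive_refused = False
    except FileExistsError:
        exclusive_refused = True

    # 3. mkstemp-based file: fresh name, owner-only mode, no race window.
    f, secure_path = secure_temp_file(shared_dir)
    f.write("script output\n")
    f.close()
    secure_mode = stat.S_IMODE(os.stat(secure_path).st_mode)

    return {
        "naive_reused_existing_file": naive_content == "script output\n",
        "exclusive_refused": exclusive_refused,
        "secure_mode": secure_mode,
        "secure_path_is_fresh": secure_path != path,
    }


def run_demo_in_sandbox() -> dict:
    """Run demo() inside a private temporary directory that is removed
    afterwards, so nothing touches a real shared location."""
    with tempfile.TemporaryDirectory() as sandbox:
        return demo(sandbox)


if __name__ == "__main__":
    for key, value in run_demo_in_sandbox().items():
        print(f"{key}: {value}")
```

The same fix in a shell or Perl script is `mktemp` (or Perl's `File::Temp`), which does what `mkstemp` does here; the point is that the script must never compose its own name and then open it in a world-writable directory.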
Exploit / POC
No exploit is required to leverage this issue.
Solution / Fix
Solution:
Ubuntu has released advisory USN-63-1 to address this issue. Please see the referenced advisory for more information.
Debian has released an additional security advisory (DSA 647-1) and fixes to address this vulnerability. Customers are advised to see the referenced advisory for further details regarding obtaining and applying appropriate updates.
Gentoo Linux has released advisory GLSA 200501-33 to address this issue. Users of affected packages are urged to execute the following commands with superuser privileges:
emerge --sync
emerge --ask --oneshot --verbose ">=dev-db/mysql-4.0.22-r2"
Please see the referenced advisory for further information.
Mandrake has released advisory MDKSA-2005:036 to address this vulnerability. Please see the attached advisory for details on obtaining and applying fixes.
A Fedora Legacy advisory FLSA:2129 is available to address this issue in Red Hat Linux 7.3, Red Hat Linux 9, and Fedora Core 1 for the i386 architecture. Please see the referenced advisory for more information.
Conectiva Linux has released advisory CLA-2005:947 along with fixes dealing with this issue. Please see the referenced advisory for more information.
OpenPKG has released advisory OpenPKG-SA-2005.006 and fixes for this issue. Please see the referenced advisory for information on obtaining the fixed packages.
Sun has released a security advisory (Sun Alert ID: 101864) addressing this and other issues in MySQL for Solaris 10. Please see the referenced advisory for further information.
Sun Solaris 10.0_x86
- Sun 120292-01: http://sunsolve.sun.com/search/document.do?assetkey=1-21-120292-01-1
- Sun 120293-01: http://sunsolve.sun.com/search/document.do?assetkey=1-21-120293-01-1
Sun Solaris 10
- Sun 120292-01: http://sunsolve.sun.com/search/document.do?assetkey=1-21-120292-01-1
- Sun 120293-01: http://sunsolve.sun.com/search/document.do?assetkey=1-21-120293-01-1
MySQL AB MySQL 4.0.15
- Conectiva libmysqlclient-devel-4.0.15-62448U10_3cl.i386.rpm: ftp://atualizacoes.conectiva.com.br/10/RPMS/libmysqlclient-devel-4.0.15-62448U10_3cl.i386.rpm
- Conectiva libmysqlclient-devel-static-4.0.15-62448U10_3cl.i386.rpm: ftp://atualizacoes.conectiva.com.br/10/RPMS/libmysqlclient-devel-static-4.0.15-62448U10_3cl.i386.rpm
- Conectiva libmysqlclient12-4.0.15-62448U10_3cl.i386.rpm: ftp://atualizacoes.conectiva.com.br/10/RPMS/libmysqlclient12-4.0.15-62448U10_3cl.i386.rpm
- Conectiva mysql-4.0.15-62448U10_3cl.i386.rpm: ftp://atualizacoes.conectiva.com.br/10/RPMS/mysql-4.0.15-62448U10_3cl.i386.rpm
- Conectiva mysql-bench-4.0.15-62448U10_3cl.i386.rpm: ftp://atualizacoes.conectiva.com.br/10/RPMS/mysql-bench-4.0.15-62448U10_3cl.i386.rpm
- Conectiva mysql-client-4.0.15-62448U10_3cl.i386.rpm: ftp://atualizacoes.conectiva.com.br/10/RPMS/mysql-client-4.0.15-62448U10_3cl.i386.rpm
- Conectiva mysql-doc-4.0.15-62448U10_3cl.i386.rpm: ftp://atualizacoes.conectiva.com.br/10/RPMS/mysql-doc-4.0.15-62448U10_3cl.i386.rpm
MySQL AB MySQL 4.0.18
- Mandrake lib64mysql12-4.0.18-1.3.100mdk.amd64.rpm (Mandrake Linux 10.0/AMD64): http://www.mandrakesecure.net/en/ftp.php
- Mandrake lib64mysql12-4.0.18-1.3.C30mdk.x86_64.rpm (Mandrake Corporate Server 3.0/x86_64): http://www.mandrakesecure.net/en/ftp.php
- Mandrake lib64mysql12-devel-4.0.18-1.3.100mdk.amd64.rpm (Mandrake Linux 10.0/AMD64): http://www.mandrakesecure.net/en/ftp.php
- Mandrake lib64mysql12-devel-4.0.18-1.3.C30mdk.x86_64.rpm (Mandrake Corporate Server 3.0/x86_64): http://www.mandrakesecure.net/en/ftp.php
- Mandrake libmysql12-4.0.18-1.3.100mdk.i586.rpm (Mandrake Linux 10.0): http://www.mandrakesecure.net/en/ftp.php
- Mandrake libmysql12-4.0.18-1.3.C30mdk.i586.rpm (Mandrake Corporate Server 3.0): http://www.mandrakesecure.net/en/ftp.php
- Mandrake libmysql12-devel-4.0.18-1.3.100mdk.i586.rpm (Mandrake Linux 10.0): http://www.mandrakesecure.net/en/ftp.php
- Mandrake libmysql12-devel-4.0.18-1.3.C30mdk.i586.rpm (Mandrake Corporate Server 3.0): http://www.mandrakesecure.net/en/ftp.php
- Mandrake MySQL-4.0.18-1.3.100mdk.amd64.rpm (Mandrake Linux 10.0/AMD64): http://www.mandrakesecure.net/en/ftp.php
- Mandrake MySQL-4.0.18-1.3.100mdk.i586.rpm (Mandrake Linux 10.0): http://www.mandrakesecure.net/en/ftp.php
- Mandrake MySQL-4.0.18-1.3.C30mdk.i586.rpm (Mandrake Corporate Server 3.0): http://www.mandrakesecure.net/en/ftp.php
- Mandrake MySQL-4.0.18-1.3.C30mdk.x86_64.rpm (Mandrake Corporate Server 3.0/x86_64): http://www.mandrakesecure.net/en/ftp.php
- Mandrake MySQL-bench-4.0.18-1.3.100mdk.amd64.rpm (Mandrake Linux 10.0/AMD64): http://www.mandrakesecure.net/en/ftp.php
- Mandrake MySQL-bench-4.0.18-1.3.100mdk.i586.rpm (Mandrake Linux 10.0): http://www.mandrakesecure.net/en/ftp.php
- Mandrake MySQL-bench-4.0.18-1.3.C30mdk.i586.rpm (Mandrake Corporate Server 3.0): http://www.mandrakesecure.net/en/ftp.php
- Mandrake MySQL-bench-4.0.18-1.3.C30mdk.x86_64.rpm (Mandrake Corporate Server 3.0/x86_64): http://www.mandrakesecure.net/en/ftp.php
- Mandrake MySQL-client-4.0.18-1.3.100mdk.amd64.rpm (Mandrake Linux 10.0/AMD64): http://www.mandrakesecure.net/en/ftp.php
- Mandrake MySQL-client-4.0.18-1.3.100mdk.i586.rpm (Mandrake Linux 10.0): http://www.mandrakesecure.net/en/ftp.php
- Mandrake MySQL-client-4.0.18-1.3.C30mdk.i586.rpm (Mandrake Corporate Server 3.0): http://www.mandrakesecure.net/en/ftp.php
- Mandrake MySQL-client-4.0.18-1.3.C30mdk.x86_64.rpm (Mandrake Corporate Server 3.0/x86_64): http://www.mandrakesecure.net/en/ftp.php
- Mandrake MySQL-common-4.0.18-1.3.100mdk.amd64.rpm (Mandrake Linux 10.0/AMD64): http://www.mandrakesecure.net/en/ftp.php
- Mandrake MySQL-common-4.0.18-1.3.100mdk.i586.rpm (Mandrake Linux 10.0): http://www.mandrakesecure.net/en/ftp.php
- Mandrake MySQL-common-4.0.18-1.3.C30mdk.i586.rpm (Mandrake Corporate Server 3.0): http://www.mandrakesecure.net/en/ftp.php
- Mandrake MySQL-common-4.0.18-1.3.C30mdk.x86_64.rpm (Mandrake Corporate Server 3.0/x86_64): http://www.mandrakesecure.net/en/ftp.php
- Mandrake MySQL-Max-4.0.18-1.3.100mdk.amd64.rpm (Mandrake Linux 10.0/AMD64): http://www.mandrakesecure.net/en/ftp.php
- Mandrake MySQL-Max-4.0.18-1.3.100mdk.i586.rpm (Mandrake Linux 10.0): http://www.mandrakesecure.net/en/ftp.php
- Mandrake MySQL-Max-4.0.18-1.3.C30mdk.i586.rpm (Mandrake Corporate Server 3.0): http://www.mandrakesecure.net/en/ftp.php
- Mandrake MySQL-Max-4.0.18-1.3.C30mdk.x86_64.rpm (Mandrake Corporate Server 3.0/x86_64): http://www.mandrakesecure.net/en/ftp.php
MySQL AB MySQL 4.0.20
- Mandrake lib64mysql12-4.0.20-3.2.101mdk.x86_64.rpm (Mandrake Linux 10.1/x86_64): http://www.mandrakesecure.net/en/ftp.php
- Mandrake lib64mysql12-devel-4.0.20-3.2.101mdk.x86_64.rpm (Mandrake Linux 10.1/x86_64): http://www.mandrakesecure.net/en/ftp.php
- Mandrake libmysql12-4.0.20-3.2.101mdk.i586.rpm (Mandrake Linux 10.1): http://www.mandrakesecure.net/en/ftp.php
- Mandrake libmysql12-devel-4.0.20-3.2.101mdk.i586.rpm (Mandrake Linux 10.1): http://www.mandrakesecure.net/en/ftp.php
- Mandrake MySQL-4.0.20-3.2.101mdk.i586.rpm (Mandrake Linux 10.1): http://www.mandrakesecure.net/en/ftp.php
- Mandrake MySQL-4.0.20-3.2.101mdk.x86_64.rpm (Mandrake Linux 10.1/x86_64): http://www.mandrakesecure.net/en/ftp.php
- Mandrake MySQL-bench-4.0.20-3.2.101mdk.i586.rpm (Mandrake Linux 10.1): http://www.mandrakesecure.net/en/ftp.php
- Mandrake MySQL-bench-4.0.20-3.2.101mdk.x86_64.rpm (Mandrake Linux 10.1/x86_64): http://www.mandrakesecure.net/en/ftp.php
- Mandrake MySQL-client-4.0.20-3.2.101mdk.i586.rpm (Mandrake Linux 10.1): http://www.mandrakesecure.net/en/ftp.php
- Mandrake MySQL-client-4.0.20-3.2.101mdk.x86_64.rpm (Mandrake Linux 10.1/x86_64): http://www.mandrakesecure.net/en/ftp.php
- Mandrake MySQL-common-4.0.20-3.2.101mdk.i586.rpm (Mandrake Linux 10.1): http://www.mandrakesecure.net/en/ftp.php
- Mandrake MySQL-common-4.0.20-3.2.101mdk.x86_64.rpm (Mandrake Linux 10.1/x86_64): http://www.mandrakesecure.net/en/ftp.php
- Mandrake MySQL-Max-4.0.20-3.2.101mdk.i586.rpm (Mandrake Linux 10.1): http://www.mandrakesecure.net/en/ftp.php
- Mandrake MySQL-Max-4.0.20-3.2.101mdk.x86_64.rpm (Mandrake Linux 10.1/x86_64): http://www.mandrakesecure.net/en/ftp.php
- Ubuntu libmysqlclient-dev_4.0.20-2ubuntu1.2_amd64.deb (Ubuntu 4.10 (Warty Warthog)): http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg/libmysqlclient-dev_4.0.20-2ubuntu1.2_amd64.deb
- Ubuntu libmysqlclient-dev_4.0.20-2ubuntu1.2_i386.deb (Ubuntu 4.10 (Warty Warthog)): http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg/libmysqlclient-dev_4.0.20-2ubuntu1.2_i386.deb
- Ubuntu libmysqlclient-dev_4.0.20-2ubuntu1.2_powerpc.deb (Ubuntu 4.10 (Warty Warthog)): http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg/libmysqlclient-dev_4.0.20-2ubuntu1.2_powerpc.deb
- Ubuntu libmysqlclient12_4.0.20-2ubuntu1.2_amd64.deb (Ubuntu 4.10 (Warty Warthog)): http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg/libmysqlclient12_4.0.20-2ubuntu1.2_amd64.deb
- Ubuntu libmysqlclient12_4.0.20-2ubuntu1.2_i386.deb (Ubuntu 4.10 (Warty Warthog)): http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg/libmysqlclient12_4.0.20-2ubuntu1.2_i386.deb
- Ubuntu libmysqlclient12_4.0.20-2ubuntu1.2_powerpc.deb (Ubuntu 4.10 (Warty Warthog)): http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg/libmysqlclient12_4.0.20-2ubuntu1.2_powerpc.deb
- Ubuntu mysql-client_4.0.20-2ubuntu1.2_amd64.deb (Ubuntu 4.10 (Warty Warthog)): http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg/mysql-client_4.0.20-2ubuntu1.2_amd64.deb
- Ubuntu mysql-client_4.0.20-2ubuntu1.2_i386.deb (Ubuntu 4.10 (Warty Warthog)): http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg/mysql-client_4.0.20-2ubuntu1.2_i386.deb
- Ubuntu mysql-client_4.0.20-2ubuntu1.2_powerpc.deb (Ubuntu 4.10 (Warty Warthog)): http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg/mysql-client_4.0.20-2ubuntu1.2_powerpc.deb
- Ubuntu mysql-common_4.0.20-2ubuntu1.2_all.deb (Ubuntu 4.10 (Warty Warthog)): http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg/mysql-common_4.0.20-2ubuntu1.2_all.deb
- Ubuntu mysql-server_4.0.20-2ubuntu1.2_amd64.deb (Ubuntu 4.10 (Warty Warthog)): http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg/mysql-server_4.0.20-2ubuntu1.2_amd64.deb
- Ubuntu mysql-server_4.0.20-2ubuntu1.2_i386.deb (Ubuntu 4.10 (Warty Warthog)): http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg/mysql-server_4.0.20-2ubuntu1.2_i386.deb
- Ubuntu mysql-server_4.0.20-2ubuntu1.2_powerpc.deb (Ubuntu 4.10 (Warty Warthog)): http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg/mysql-server_4.0.20-2ubuntu1.2_powerpc.deb
MySQL AB MySQL 4.0.21
- OpenPKG mysql-4.0.21-2.2.2.src.rpm: ftp://ftp.openpkg.org/release/2.2/UPD/mysql-4.0.21-2.2.2.src.rpm
References
References:
- MySQL Homepage (Oracle)
- Sun Alert ID: 101864 (Sun)