Re: [SECURITY] [DSA 483-1] New mysql packages fix insecure temporary file creation

2004-04-19 Thread Christian Hammers
Hello

On Mon, 19 Apr 2004 08:57:39 +0200 (CEST) Tomas Pospisek wrote:
> * mysql unstable (4.0.18-4) changelog says:
> 
>   > Applied fix for improbable tempfile-symlink security problem in
>   > mysqlbug reported by Shaun Colley on bugtraq on 2004-03-24.
> 
>   but doesn't mention the CAN numbers.

One upload has accidentally not been uploaded, the current version in unstable
should be 4.0.18-7 which fixes both bugs and also mentions the CAN numbers.

> *t
thanks,

-christian- <[EMAIL PROTECTED]>


Re: [SECURITY] [DSA 483-1] New mysql packages fix insecure temporary file creation

2004-04-19 Thread Tomas Pospisek
On Wed, 14 Apr 2004, Martin Schulze wrote:

> CAN-2004-0381
>
> The script mysqlbug in MySQL allows local users to overwrite
> arbitrary files via a symlink attack.
>
> CAN-2004-0388
>
> The script mysqld_multi in MySQL allows local users to overwrite
> arbitrary files via a symlink attack.
[...]
> For the unstable distribution (sid) these problems will be fixed in
> version 4.0.18-6 of mysql-dfsg.

* mysql unstable (4.0.18-4) changelog says:

  > Applied fix for improbable tempfile-symlink security problem in
  > mysqlbug reported by Shaun Colley on bugtraq on 2004-03-24.

  but doesn't mention the CAN numbers.

* mysql in unstable is currently at 4.0.18-5

* mysql's bugreports page doesn't show any open reports mentioning anything
  unfixed.

So what's the situation now with mysql in unstable?:

- Is the bug mentioned in the advisory fixed in 4.0.18-5 and so the
  advisory wrong (should say "will be fixed in version 4.0.18-6 of
  mysql-dfsg") ...
- or isn't it fixed, in which case I should open a bug report against
  mysql?
*t

--

  Tomas Pospisek
  http://sourcepole.com -  Linux & Open Source Solutions




Re: [SECURITY] [DSA 483-1] New mysql packages fix insecure temporary file creation

2004-04-14 Thread Dan Carleton
Do we want to maintain local security as well as patching remote
exploits?  I suppose any attacker who gained unprivileged local access
could read all our data for the most part, although he wouldn't be able
to cover his tracks as well without gaining root through a local exploit
like this...


On Wed, 2004-04-14 at 08:50, Martin Schulze wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
> 
> - --
> Debian Security Advisory DSA 483-1 [EMAIL PROTECTED]
> http://www.debian.org/security/ Martin Schulze
> April 14th, 2004                http://www.debian.org/security/faq
> - --
> 
> Package: mysql
> Vulnerability  : insecure temporary file creation
> Problem-Type   : local
> Debian-specific: no
> CVE IDs: CAN-2004-0381 CAN-2004-0388
> Bugtraq ID : 9976
> 
> Two vulnerabilities have been discovered in mysql, a common database
> system.  Two scripts contained in the package don't create temporary
> files in a secure fashion.  This could allow a local attacker to
> overwrite files with the privileges of the user invoking the MySQL
> server, which is often the root user.  The Common Vulnerabilities and
> Exposures identifies the following problems:
> 
> CAN-2004-0381
> 
> The script mysqlbug in MySQL allows local users to overwrite
> arbitrary files via a symlink attack.
> 
> CAN-2004-0388
> 
> The script mysqld_multi in MySQL allows local users to overwrite
> arbitrary files via a symlink attack.
> 
> For the stable distribution (woody) these problems have been fixed in
> version 3.23.49-8.6.
> 
> For the unstable distribution (sid) these problems will be fixed in
> version 4.0.18-6 of mysql-dfsg.
> 
> We recommend that you upgrade your mysql, mysql-dfsg and related
> packages.
> 
> 
> Upgrade Instructions
> - 
> 
> wget url
> will fetch the file for you
> dpkg -i file.deb
> will install the referenced file.
> 
> If you are using the apt-get package manager, use the line for
> sources.list as given below:
> 
> apt-get update
> will update the internal database
> apt-get upgrade
> will install corrected packages
> 
> You may use an automated update by adding the resources from the
> footer to the proper configuration.
> 
> 
> Debian GNU/Linux 3.0 alias woody
> - 
> 
>   Source archives:
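As an added illustration (not code from the advisory, from MySQL's scripts, or from any poster), here is the predictable-tempfile pattern DSA 483-1 describes next to a mktemp-based replacement and a post-creation check; the `mysqlbug.XXXXXX` template name and the `write_report` helper are assumptions of this example.

```shell
#!/bin/sh
# Added example, not code from the advisory or from MySQL's own scripts.
# It contrasts the predictable-tempfile pattern DSA 483-1 describes with
# a mktemp-based replacement and a post-creation sanity check.

# The pattern behind CAN-2004-0381 / CAN-2004-0388, in outline: a fixed
# directory plus a guessable suffix (the PID), then a plain redirect.
# A redirect opens whatever the path already points at, so a symlink
# left there by another local user makes the script write elsewhere.
#
#     TMPFILE=/tmp/mysqlbug.$$
#     echo "..." > "$TMPFILE"        # insecure: no exclusive create
#
# Hardened replacement: let mktemp pick the name and create the file
# with O_CREAT|O_EXCL and mode 0600. An existing entry at the chosen
# name (file or symlink) is never opened; a fresh name is tried instead.
# The "mysqlbug.XXXXXX" template is an assumed name for this example.
make_private_tmpfile() {
    # subshell so the restrictive umask does not leak into the caller
    ( umask 077 && mktemp "${TMPDIR:-/tmp}/mysqlbug.XXXXXX" )
}

# Defensive check before writing anything sensitive: the path must be a
# regular file (not a symlink), owned by us, and mode exactly 0600.
is_private_regular_file() {
    f=$1
    [ -f "$f" ] && [ ! -L "$f" ] || return 1
    # -maxdepth 0 / -user / -perm 600 work on both GNU and BSD find
    [ -n "$(find "$f" -maxdepth 0 -type f -user "$(id -un)" -perm 600 2>/dev/null)" ]
}

# Create the file, verify it, write a (constructed) report into it and
# print the path. Returns 1 and leaves nothing behind if any step fails.
write_report() {
    tmp=$(make_private_tmpfile) || return 1
    is_private_regular_file "$tmp" || { rm -f "$tmp"; return 1; }
    printf 'constructed bug report, host %s\n' "$(uname -n)" > "$tmp" || return 1
    printf '%s\n' "$tmp"
}
```

Call `write_report` from the script and register `trap 'rm -f "$report"' EXIT` right after it so the file is removed on every exit path.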