LinuxSecurity.com
Mandrake: Updated MySQL packages fix
Posted by Benjamin D. Thomas
A temporary file vulnerability in the mysqlaccess script in MySQL was discovered by Javier Fernandez-Sanguino Pena. This flaw could allow an unprivileged user to let root overwrite arbitrary files via a symlink attack.
 _______________________________________________________________________

                 Mandrakelinux Security Update Advisory
 _______________________________________________________________________

 Package name:           MySQL
 Advisory ID:            MDKSA-2005:036
 Date:                   February 10th, 2005

 Affected versions:	 10.0, 10.1, Corporate 3.0,
			 Corporate Server 2.1
 ______________________________________________________________________

 Problem Description:

 A temporary file vulnerability in the mysqlaccess script in MySQL was
 discovered by Javier Fernandez-Sanguino Pena.  This flaw could allow
 an unprivileged user to let root overwrite arbitrary files via a
 symlink attack.  It could also be used to view the contents of a
 temporary file which could contain sensitive information.
 
 The updated packages have been patched to prevent these problems.
 _______________________________________________________________________

 References:

  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0004
 ______________________________________________________________________

 Updated Packages:
  
 _______________________________________________________________________

 To upgrade automatically use MandrakeUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandrakesoft for security.  You can obtain
 the GPG public key of the Mandrakelinux Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandrakelinux at:

  http://www.mandrakesoft.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_linux-mandrake.com

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Linux Mandrake Security Team
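
The problem description above names two impacts of an unsafe temporary file: a file overwritten through a symlink, and exposure of the temporary file's contents. The Python sketch below is an added example, not code from mysqlaccess or from the Mandrakesoft patch; it contrasts opening a predictable path with exclusive, owner-only creation. Everything runs inside a private sandbox directory, and all file names are constructed for the demonstration.

```python
import os
import shutil
import tempfile

def write_predictable(path, data):
    """Vulnerable pattern: open() follows an existing symlink and truncates its target."""
    with open(path, "w") as fh:
        fh.write(data)

def write_exclusive(path, data):
    """Hardened: create the file ourselves or fail, never follow a link, owner-only mode."""
    flags = os.O_WRONLY | os.O_CREAT | os.O_EXCL | getattr(os, "O_NOFOLLOW", 0)
    fd = os.open(path, flags, 0o600)
    with os.fdopen(fd, "w") as fh:
        fh.write(data)

def demo():
    """Run both writers against a pre-existing symlink inside a private sandbox."""
    sandbox = tempfile.mkdtemp(prefix="tmpfile-demo-")
    try:
        victim = os.path.join(sandbox, "important.conf")    # constructed stand-in for a root-owned file
        predictable = os.path.join(sandbox, "scratch.tmp")  # constructed stand-in for a guessable /tmp name
        with open(victim, "w") as fh:
            fh.write("original\n")
        os.symlink(victim, predictable)  # link that exists before the script runs

        write_predictable(predictable, "scratch data\n")
        with open(victim) as fh:
            clobbered = fh.read() != "original\n"

        with open(victim, "w") as fh:  # restore, then try the hardened writer
            fh.write("original\n")
        try:
            write_exclusive(predictable, "scratch data\n")
            refused = False
        except FileExistsError:
            refused = True
        with open(victim) as fh:
            intact = fh.read() == "original\n"

        # Usual choice for scripts: unpredictable name, exclusive create, mode 0600.
        fd, safe_path = tempfile.mkstemp(dir=sandbox)
        os.close(fd)
        mode = os.stat(safe_path).st_mode & 0o777
        return clobbered, refused, intact, mode
    finally:
        shutil.rmtree(sandbox)

if __name__ == "__main__":
    print(demo())
```
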
  
 
    