GLSA-200405-20 : Insecure Temporary File Creation In MySQL

This script is Copyright (C) 2004-2014 Tenable Network Security, Inc.


Synopsis :

The remote Gentoo host is missing one or more security-related
patches.

Description :

The remote host is affected by the vulnerability described in GLSA-200405-20
(Insecure Temporary File Creation In MySQL)

The MySQL bug reporting utility (mysqlbug) creates a temporary file to log
bug reports to. A malicious local user with write access to the /tmp
directory could create a symbolic link of the name mysqlbug-N
pointing to a protected file, such as /etc/passwd, such that when mysqlbug
creates the Nth log file, it would end up overwriting the target
file. A similar vulnerability exists with the mysql_multi utility, which
creates a temporary file called mysql_multi.log.

Impact :

Since mysql_multi runs as root, a local attacker could use this to destroy
any other users' data or corrupt and destroy system files.

Workaround :

One could modify both scripts to log to a directory that users do not have
write permission to, such as /var/log/mysql/.

See also :

http://www.gentoo.org/security/en/glsa/glsa-200405-20.xml

Solution :

All users should upgrade to the latest stable version of MySQL.
# emerge sync
# emerge -pv '>=dev-db/mysql-4.0.18-r2'
# emerge '>=dev-db/mysql-4.0.18-r2'

Risk factor :

Low / CVSS Base Score : 2.1
(CVSS2#AV:L/AC:L/Au:N/C:N/I:P/A:N)

Family: Gentoo Local Security Checks

Nessus Plugin ID: 14506 (gentoo_GLSA-200405-20.nasl)

Bugtraq ID:

CVE ID: CVE-2004-0381
CVE-2004-0388