GLSA-200405-20 : Insecure Temporary File Creation In MySQL

This script is Copyright (C) 2004-2016 Tenable Network Security, Inc.

Synopsis :

The remote Gentoo host is missing one or more security-related

Description :

The remote host is affected by the vulnerability described in GLSA-200405-20
(Insecure Temporary File Creation In MySQL)

The MySQL bug reporting utility (mysqlbug) creates a temporary file to log
bug reports to. A malicious local user with write access to the /tmp
directory could create a symbolic link of the name mysqlbug-N
pointing to a protected file, such as /etc/passwd, such that when mysqlbug
creates the Nth log file, it would end up overwriting the target
file. A similar vulnerability exists with the mysql_multi utility, which
creates a temporary file called mysql_multi.log.

Impact :

Since mysql_multi runs as root, a local attacker could use this to destroy
any other users' data or corrupt and destroy system files.

Workaround :

One could modify both scripts to log to a directory that users do not have
write permission to, such as /var/log/mysql/.

See also :

Solution :

All users should upgrade to the latest stable version of MySQL.
# emerge sync
# emerge -pv '>=dev-db/mysql-4.0.18-r2'
# emerge '>=dev-db/mysql-4.0.18-r2'

Risk factor :

Low / CVSS Base Score : 2.1
CVSS Temporal Score : 2.0
Public Exploit Available : true

Family: Gentoo Local Security Checks

Nessus Plugin ID: 14506 (gentoo_GLSA-200405-20.nasl)

Bugtraq ID:

CVE ID: CVE-2004-0381

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now