Mandrake Linux Security Advisory : MySQL (MDKSA-2004:034)

Low Nessus Plugin ID 14133


The remote Mandrake Linux host is missing one or more security updates.


Shaun Colley discovered that two scripts distributed with MySQL, the 'mysqld_multi' and 'mysqlbug' scripts, did not create temporary files in a secure fashion. An attacker could create symbolic links in /tmp that could allow for overwriting of files with the privileges of the user running the scripts.

The scripts have been patched in the updated packages to prevent this behaviour.


Update the affected packages.

Plugin Details

Severity: Low

ID: 14133

File Name: mandrake_MDKSA-2004-034.nasl

Version: $Revision: 1.17 $

Type: local

Published: 2004/07/31

Modified: 2013/05/31

Dependencies: 12634

Risk Information

Risk Factor: Low


Base Score: 2.1

Vector: CVSS2#AV:L/AC:L/Au:N/C:N/I:P/A:N

Vulnerability Information

CPE: p-cpe:/a:mandriva:linux:MySQL, p-cpe:/a:mandriva:linux:MySQL-Max, p-cpe:/a:mandriva:linux:MySQL-bench, p-cpe:/a:mandriva:linux:MySQL-client, p-cpe:/a:mandriva:linux:MySQL-common, p-cpe:/a:mandriva:linux:lib64mysql12, p-cpe:/a:mandriva:linux:lib64mysql12-devel, p-cpe:/a:mandriva:linux:libmysql12, p-cpe:/a:mandriva:linux:libmysql12-devel, cpe:/o:mandrakesoft:mandrake_linux:10.0, cpe:/o:mandrakesoft:mandrake_linux:9.1, cpe:/o:mandrakesoft:mandrake_linux:9.2

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/Mandrake/release, Host/Mandrake/rpm-list

Patch Publication Date: 2004/04/19

Reference Information

CVE: CVE-2004-0381, CVE-2004-0388

MDKSA: 2004:034