Mandrake Linux Security Advisory : MySQL (MDKSA-2004:034)
Low Nessus Plugin ID 14133
SynopsisThe remote Mandrake Linux host is missing one or more security updates.
DescriptionShaun Colley discovered that two scripts distributed with MySQL, the 'mysqld_multi' and 'mysqlbug' scripts, did not create temporary files in a secure fashion. An attacker could create symbolic links in /tmp that could allow for overwriting of files with the privileges of the user running the scripts.
The scripts have been patched in the updated packages to prevent this behaviour.
SolutionUpdate the affected packages.