MySQL mysql_install_db Insecure Temporary File Creation Vulnerability

MySQL is reportedly affected by a vulnerability that can allow local attackers to gain unauthorized access to the database or gain elevated privileges. The issue is a design error: temporary files are created in an insecure manner.

The vulnerability affects the 'mysql_install_db' script.

Due to the nature of the script, an attacker may create database accounts or gain elevated privileges.

MySQL versions prior to 4.0.12 and MySQL 5.x releases 5.0.4 and prior are reported to be affected.

Solution:

It was reported that MySQL 4.0.12 is not affected by this issue. This has not been confirmed. Please contact the vendor for more information.

Please see the referenced advisories for more information:

- Fedora advisory FEDORA-2005-557 for Fedora Core 4 is available to address this issue.
- Debian GNU/Linux has released advisory DSA 783-1, along with fixes to address this issue.
- Red Hat has released security advisory RHSA-2005:685-5 addressing this issue for their Desktop and Enterprise editions.
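
For administrators auditing their own install or maintenance scripts for the class of bug described above, the following is an added example, not code from mysql_install_db or from any of the referenced advisories. It assumes the insecure pattern is a fixed or PID-derived file name under /tmp (the advisory does not show the script's actual code); all function names and the sample script fragment are constructed for illustration.

```shell
#!/bin/sh
# Added example; not the code of mysql_install_db. Function names are hypothetical.

# Print "lineno:text" for each line of script $1 that names a path under
# /tmp or /var/tmp without going through mktemp (assumed bug pattern).
audit_tmp_usage() {
    grep -nE '(^|[^A-Za-z0-9_])/(var/)?tmp/' "$1" | grep -v 'mktemp' || true
}

# Create a private scratch file: unpredictable name, created exclusively,
# no group/other access regardless of the caller's umask. Prints the path.
make_private_tmp() {
    ( umask 077 && mktemp "${TMPDIR:-/tmp}/install_db.XXXXXXXXXX" )
}

# Return 0 only if $1 is a regular file (not a symlink), owned by the
# current user, with no group/other permission bits set.
is_private_file() {
    [ -f "$1" ] && [ ! -L "$1" ] && [ -O "$1" ] || return 1
    case "$(ls -ld "$1")" in
        -???------*) return 0 ;;
        *) return 1 ;;
    esac
}

# Constructed sample: a script fragment using a PID-derived temp name
# next to a mktemp-based one.
sample_script() {
    cat <<'EOF'
#!/bin/sh
tmp_sql=/tmp/install_db.$$
echo "CREATE DATABASE test;" > $tmp_sql
safe=$(mktemp /tmp/install_db.XXXXXXXXXX)
EOF
}

# Audit the constructed sample; only line 2 is reported.
demo() {
    work=$(make_private_tmp) || return 1
    sample_script > "$work"
    audit_tmp_usage "$work"
    rm -f "$work"
}
demo
```

The audit is a textual heuristic: it reports candidates for manual review and does not prove that a flagged line is exploitable.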
