Affected system:
MySQL AB MySQL 4.1.0-alpha
MySQL AB MySQL 4.1.0
MySQL AB MySQL 4.0.9
MySQL AB MySQL 4.0.8
MySQL AB MySQL 4.0.7
MySQL AB MySQL 4.0.6
MySQL AB MySQL 4.0.5a
MySQL AB MySQL 4.0.5
MySQL AB MySQL 4.0.4
MySQL AB MySQL 4.0.3
MySQL AB MySQL 4.0.2
MySQL AB MySQL 4.0.15
MySQL AB MySQL 4.0.14
MySQL AB MySQL 4.0.13
MySQL AB MySQL 4.0.12
MySQL AB MySQL 4.0.11
MySQL AB MySQL 4.0.10
MySQL AB MySQL 4.0.1
MySQL AB MySQL 4.0.0
MySQL AB MySQL 3.23.9
MySQL AB MySQL 3.23.8
MySQL AB MySQL 3.23.57
MySQL AB MySQL 3.23.56
MySQL AB MySQL 3.23.55
MySQL AB MySQL 3.23.54
MySQL AB MySQL 3.23.53a
MySQL AB MySQL 3.23.53
MySQL AB MySQL 3.23.52
MySQL AB MySQL 3.23.51
MySQL AB MySQL 3.23.50
MySQL AB MySQL 3.23.5
MySQL AB MySQL 3.23.48
MySQL AB MySQL 3.23.47
MySQL AB MySQL 3.23.46
MySQL AB MySQL 3.23.45
MySQL AB MySQL 3.23.44
MySQL AB MySQL 3.23.43
MySQL AB MySQL 3.23.42
MySQL AB MySQL 3.23.41
MySQL AB MySQL 3.23.40
MySQL AB MySQL 3.23.4
MySQL AB MySQL 3.23.39
MySQL AB MySQL 3.23.38
MySQL AB MySQL 3.23.37
MySQL AB MySQL 3.23.36
MySQL AB MySQL 3.23.34
MySQL AB MySQL 3.23.31
MySQL AB MySQL 3.23.30
MySQL AB MySQL 3.23.3
MySQL AB MySQL 3.23.29
MySQL AB MySQL 3.23.28 gamma
MySQL AB MySQL 3.23.28
MySQL AB MySQL 3.23.27
MySQL AB MySQL 3.23.26
MySQL AB MySQL 3.23.25
MySQL AB MySQL 3.23.24
MySQL AB MySQL 3.23.23
MySQL AB MySQL 3.23.2
MySQL AB MySQL 3.23.10
MySQL AB MySQL 3.22.32
MySQL AB MySQL 3.22.30
MySQL AB MySQL 3.22.29
MySQL AB MySQL 3.22.28
MySQL AB MySQL 3.22.27
MySQL AB MySQL 3.22.26
MySQL AB MySQL 3.20.32a
MySQL AB MySQL 3.23.49
-Debian Linux 3.0
-Mandrake Linux 9.0
-Mandrake Linux 8.2
-Mandrake Linux 8.1
-RedHat Linux 7.3
-RedHat Linux 7.2
-SuSE Linux 8.2
-SuSE Linux 8.1
Detailed Description:
MySQL is an open source relational database system. The MySQL bug reporting tool (mysqlbug) creates temporary files insecurely, which a local attacker can exploit to destroy the contents of arbitrary files on the system and cause a denial of service.
mysqlbug is the bug reporting script. When run, it launches a text editor and prompts the user to write a bug report from a template. The problem lies in how the script handles a user who simply exits the text editor without changing the report. In that case mysqlbug executes the following code:
--
if cmp -s $TEMP $TEMP.x
then
  echo "File not changed, no bug submitted."
  # Fixed, predictable destination in /tmp: cp follows a symlink already present at this path
  cp $TEMP /tmp/failed-mysql-bugreport
  echo "The raw bug exists in /tmp/failed-mysql-bugreport"
  echo "If you use this remember that the first lines of the report are now a lie.."
  exit 1
fi
--
The temporary file is created with a static file name, so an attacker can create a symbolic link at that path in advance. When another user runs the bug reporting script, the file the link points to is corrupted, which a local attacker can use to cause a denial of service on the local system.
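The fixed-name copy described above next to an `mktemp`-based replacement, as an added example that is not code from mysqlbug or from this advisory. The function names and the sandbox directory standing in for /tmp are assumptions, and the victim file is constructed for the demonstration.

```shell
#!/bin/sh
# Added example (not from mysqlbug). Function names and the sandbox layout are
# assumptions; the directory argument stands in for the shared /tmp.

# Pattern from the advisory: copy to a predictable name. If that name is
# already a symlink, cp follows it and overwrites the link target.
save_report_fixed() {            # $1 = report file, $2 = directory
    cp "$1" "$2/failed-mysql-bugreport"
}

# Hardened pattern: mktemp creates a brand-new file with an unpredictable
# suffix (exclusive create, mode 0600), so a pre-existing link is never opened.
save_report_safe() {             # $1 = report file, $2 = directory; prints new path
    out=$(mktemp "$2/failed-mysql-bugreport.XXXXXX") || return 1
    cat "$1" > "$out" || return 1
    printf '%s\n' "$out"
}

# Build a throwaway sandbox with a constructed victim file and a link at the
# predictable name, run the chosen saver, and return 0 only if the victim
# file still holds its original content.
victim_survives() {              # $1 = save_report_fixed | save_report_safe
    box=$(mktemp -d) || return 2
    mkdir "$box/tmp"
    printf 'data owned by another user\n' > "$box/victim"
    printf 'unchanged bug report template\n' > "$box/report"
    ln -s "$box/victim" "$box/tmp/failed-mysql-bugreport"
    "$1" "$box/report" "$box/tmp" > /dev/null
    if grep -q 'another user' "$box/victim"; then rc=0; else rc=1; fi
    rm -rf "$box"
    return $rc
}

for saver in save_report_fixed save_report_safe; do
    if victim_survives "$saver"; then
        echo "$saver: victim file intact"
    else
        echo "$saver: victim file overwritten through the symlink"
    fi
done
```
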
Patch Download:
http://www.mysql.com/doc/en/Installing_source_tree.html