OpenPKG Security Advisory
OpenPKG-SA-2005.006
Publisher Name: OpenPKG GmbH Publisher Home: http://openpkg.com/ Advisory Id (public): OpenPKG-SA-2005.006 Advisory Type: OpenPKG Security Advisory (SA) Advisory Directory: http://openpkg.com/go/OpenPKG-SA Advisory Document: http://openpkg.com/go/OpenPKG-SA-2005.006 Advisory Published: 2008-08-07 22:06 UTC Issue Id (internal): OpenPKG-SI-20050420.01 Issue First Created: 2005-04-20 Issue Last Modified: 2006-11-28 Issue Revision: 06
Subject Name: MySQL Subject Summary: Fast Relational Database Management System Subject Home: http://www.mysql.com/products/mysql/ Subject Versions: * <= 4.1.10 Vulnerability Id: CVE-2005-0004, CVE-2005-0709, CVE-2005-0710, CVE-2005-0711 Vulnerability Scope: global (not OpenPKG specific) Attack Feasibility: run-time Attack Vector: local system Attack Impact: privilege escalation, arbitrary code execution Description: Several vulnerabilities including insecure handling of temporary files and arbitrary code execution have been discovered in the MySQL RDBMS [0]. Javier Fernandez-Sanguino Pena found that users may overwrite arbitrary files or read temporary files via a symlink attack on insecurely created temporary files. CVE-2005-0004 Stefano Di Paola found that users may load forbidden dynamic library symbols with dlsym(3) to exploit a problem with user definable functions (UDFs) logic and thereby remotely execute arbitrary code. CVE-2005-0709 Stefano Di Paola also determined that incomplete testing of dynamic library pathnames could lead to insecure loading of UDFs from dynamic libraries in arbitrary locations, allowing users to remotely execute arbitrary code. CVE-2005-0710 Stefano Di Paola also discovered that creation of temporary tables uses predictable file names, allowing users to overwrite arbitrary files via a symlink attack. CVE-2005-0711 References: [0] http://www.mysql.com/ [1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0004 [2] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0709 [3] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0710 [4] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0711 [5] http://www.openpkg.org/tutorial.html#regular-source [6] http://www.openpkg.org/tutorial.html#regular-binary [7] ftp://ftp.openpkg.org/release/2.2/UPD/mysql-4.0.21-2.2.2.src.rpm [8] ftp://ftp.openpkg.org/release/2.2/UPD/ [9] http://www.openpkg.org/security.html#signature
Primary Package Name: mysql Primary Package Home: http://openpkg.org/go/package/mysql Affected Distribution: Affected Branch: Affected Package: OpenPKG Community 2.2-SOLID mysql-4.0.21-2.2.1 OpenPKG Community CURRENT mysql-4.1.10-20050216 Corrected Distribution: Corrected Branch: Corrected Package: OpenPKG Community 2.2-SOLID mysql-4.0.21-2.2.2 OpenPKG Community CURRENT mysql-4.1.10a-20050311
