Press CTRL-D to bookmark us
Welcome Guest Login / Register / Members
Search in  
Top Submit newsSubscribe
Communication | Computer Crime | Digital Audio, Video, Photo | General News | Hardware | Internet | Mobile | PDA | Security | Software | Vulnerability |
Previous articleBack to news listNext article
 

 Sponsored links

Want to become one of our authors and see your work published on ALLSeek.iNFO ?
 
 MySQL 'mysqlaccess.sh' Unsafe Temporary Files May Let Local Users Gain Elevated Privileges
Categorie: Vulnerability
Posted: 2005-01-19 by ReCall
Views: 366
Source: Click here
 		Current Rating: Not rated
Poor Best
 Details
Description: A vulnerability was reported in MySQL in the 'mysqlaccess.sh' script. A local user may be able to obtain elevated privileges.

The vendor reported that 'mysqlaccess.sh' creates temporary files in an unsafe manner. A local user can create a symbolic link (symlink) from a critical file on the system to a temporary file to be used by the script. Then, when the script is executed, the symlinked file may be modified with the privileges of the script.

The vendor credits Javier Fernandez-Sanguino Pena and the Debian Security Audit Team with reporting this flaw.

Impact: A local user may be able to obtain elevated privileges.

Solution: A fix is available via Bitkeeper. The patch is available at:

http://lists.mysql.com/internals/20600
 
Syndication
Permalink Email this

The URI to TrackBack this entry is:
http://allseek.info/news/trackback.php?id=1301

User comments (post your comments here)

Only registerd members can post comments and articles
 
Previous articleBack to news listNext article
 


InterJOB.su
Bookmark us | Set As Homepage | Advertising | Contact Us | Recomend us | Link us | Links | Terms

SpyLOG Page Rank Checker
LAST QUERIES