Login
Newsletter
Werbung
Sicherheit: Erlangen von root-Rechten in mysql
Aktuelle Meldungen Distributionen
Name: Erlangen von root-Rechten in mysql
ID: DSA-540-1
Distribution: Debian
Plattformen: Debian woody
Datum: Do, 19. August 2004, 13:00
Referenzen: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0457
Applikationen: MySQL

Originalnachricht

 
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

--------------------------------------------------------------------------
Debian Security Advisory DSA 540-1                     security@debian.org
http://www.debian.org/security/                             Martin Schulze
August 18th, 2004                       http://www.debian.org/security/faq
--------------------------------------------------------------------------

Package        : mysql
Vulnerability  : insecure file creation
Problem-Type   : local
Debian-specific: no
CVE ID         : CAN-2004-0457

Jeroen van Wolffelaar <jeroen@wolffelaar.nl> discovered an insecure
temporary file vulnerability in the mysqlhotcopy script when using the
scp method which is part of the mysql-server packge

For the stable distribution (woody) this problem has been fixed in
version 3.23.49-8.7 of mysql.

For the unstable distribution (sid) this problem has been fixed in
version 4.0.20-11 of mysql-dfsg.

We recommend that you upgrade your mysql-server package.


Upgrade Instructions
--------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 3.0 alias woody
--------------------------------

  Source archives:

    http://security.debian.org/pool/updates/main/m/mysql/mysql_3.23.49-8.7.dsc
      Size/MD5 checksum:      875 0253bc04d4342b0b47be1ac4be381fcb
    mysql_3.23.49-8.7.diff.gz
      Size/MD5 checksum:    62203 56ed69d5cf8f501a3dfcd26c5424967b
    mysql_3.23.49.orig.tar.gz
      Size/MD5 checksum: 11861035 a2820d81997779a9fdf1f4b3c321564a

  Architecture independent components:

    mysql-common_3.23.49-8.7_all.deb
      Size/MD5 checksum:    16966 0d4cd91f0862c147d2a4fcb190220e46
    mysql-doc_3.23.49-8.5_all.deb
      Size/MD5 checksum:  1962992 a4cacebaadf9d5988da0ed1a336b48e6

  Alpha architecture:

    libmysqlclient10_3.23.49-8.7_alpha.deb
      Size/MD5 checksum:   277782 84bbf59abaf73966c82c335af4e0ef33
    libmysqlclient10-dev_3.23.49-8.7_alpha.deb
      Size/MD5 checksum:   778838 d40cc28047accb94bb6c2cad46c46830
    mysql-client_3.23.49-8.7_alpha.deb
      Size/MD5 checksum:   163608 35b77731392a90711e8a0d4f4452380d
    mysql-server_3.23.49-8.7_alpha.deb
      Size/MD5 checksum:  3634314 633ac1e9469ee237a98b591a48c3e07b

  ARM architecture:

    libmysqlclient10_3.23.49-8.7_arm.deb
      Size/MD5 checksum:   238392 b75905023a478a1f94b5a7208ec8976e
    libmysqlclient10-dev_3.23.49-8.7_arm.deb
      Size/MD5 checksum:   634684 371509a46f9810a8332435743a59ec68
    mysql-client_3.23.49-8.7_arm.deb
      Size/MD5 checksum:   124018 c5502886cc95d7c30e61c37b5236c7ab
    mysql-server_3.23.49-8.7_arm.deb
      Size/MD5 checksum:  2806166 8273e10a96155956e136d16308f0c733

  Intel IA-32 architecture:

    libmysqlclient10_3.23.49-8.7_i386.deb
      Size/MD5 checksum:   234728 d750bba77d074b2c08214a4079f71993
    libmysqlclient10-dev_3.23.49-8.7_i386.deb
      Size/MD5 checksum:   576628 a56c5b97161e912ae083aa77aeceaeda
    mysql-client_3.23.49-8.7_i386.deb
      Size/MD5 checksum:   122568 e2ca446cef57cffc83e3c4424436fb48
    mysql-server_3.23.49-8.7_i386.deb
      Size/MD5 checksum:  2800660 83d57e469ffe22060c25cc7ad0275b90

  Intel IA-64 architecture:

    libmysqlclient10_3.23.49-8.7_ia64.deb
      Size/MD5 checksum:   315114 d4130def7e18f8df5b666a6a6f76e04c
    libmysqlclient10-dev_3.23.49-8.7_ia64.deb
      Size/MD5 checksum:   848640 1c224cfb5bb1a353267111b5e5332340
    mysql-client_3.23.49-8.7_ia64.deb
      Size/MD5 checksum:   173834 e12daa69c9d09caa8a2a89fe139ba2ae
    mysql-server_3.23.49-8.7_ia64.deb
      Size/MD5 checksum:  4000194 0a9a09412a045fc321db24cae47855fd

  HP Precision architecture:

    libmysqlclient10_3.23.49-8.7_hppa.deb
      Size/MD5 checksum:   280660 82775e57a5f2149525b22913360b1b7b
    libmysqlclient10-dev_3.23.49-8.7_hppa.deb
      Size/MD5 checksum:   743766 a0ab2c3dee3a7f21353993beb69af4be
    mysql-client_3.23.49-8.7_hppa.deb
      Size/MD5 checksum:   140656 9f420fba715ddddb8449c92f726cd535
    mysql-server_3.23.49-8.7_hppa.deb
      Size/MD5 checksum:  3514790 24fe02cf3d7ad3a3e875ae5192248fe6

  Motorola 680x0 architecture:

    libmysqlclient10_3.23.49-8.7_m68k.deb
      Size/MD5 checksum:   227724 6b369645a2ab31d3b9e3818376f96f14
    libmysqlclient10-dev_3.23.49-8.7_m68k.deb
      Size/MD5 checksum:   557870 950f89f1e47451bcada42afbfc1616b3
    mysql-client_3.23.49-8.7_m68k.deb
      Size/MD5 checksum:   118440 fcf4b08ce268a75860c30534bc24c7c3
    mysql-server_3.23.49-8.7_m68k.deb
      Size/MD5 checksum:  2646646 d2280764c2e1f01bbfe3c3d4f168cf20

  Big endian MIPS architecture:

    libmysqlclient10_3.23.49-8.7_mips.deb
      Size/MD5 checksum:   250988 cccf9eeaa5124a56cf44746b1f041d67
    libmysqlclient10-dev_3.23.49-8.7_mips.deb
      Size/MD5 checksum:   689130 88f5d5d1643099bd81706d64a6af3c2b
    mysql-client_3.23.49-8.7_mips.deb
      Size/MD5 checksum:   133938 89f000380c7e3b13f87e8fca48e00e7e
    mysql-server_3.23.49-8.7_mips.deb
      Size/MD5 checksum:  2848238 c970656b529ebe83d7e8b40e5b4cd8f6

  Little endian MIPS architecture:

    libmysqlclient10_3.23.49-8.7_mipsel.deb
      Size/MD5 checksum:   250664 e53634cf126c1568a9a4d594cd233497
    libmysqlclient10-dev_3.23.49-8.7_mipsel.deb
      Size/MD5 checksum:   688600 072446a7a7f6c3a68a2a27b44fe86d93
    mysql-client_3.23.49-8.7_mipsel.deb
      Size/MD5 checksum:   134302 a371a6148b5d8447fdd4bc351c60aaab
    mysql-server_3.23.49-8.7_mipsel.deb
      Size/MD5 checksum:  2839356 9ddea423e6af652be2cccb798ee5b79b

  PowerPC architecture:

    libmysqlclient10_3.23.49-8.7_powerpc.deb
      Size/MD5 checksum:   247750 d0834fcb13cd965944cd2e333fde4e1b
    libmysqlclient10-dev_3.23.49-8.7_powerpc.deb
      Size/MD5 checksum:   652692 d95b165e3d32e7c0fed77894b26d4099
    mysql-client_3.23.49-8.7_powerpc.deb
      Size/MD5 checksum:   129464 6c5a3a147f8addfb11468363ac9d359f
    mysql-server_3.23.49-8.7_powerpc.deb
      Size/MD5 checksum:  2823174 a9b047917ec5434d43822012b71a7089

  IBM S/390 architecture:

    libmysqlclient10_3.23.49-8.7_s390.deb
      Size/MD5 checksum:   250064 ff9145b181f1444666dad04737a150e0
    libmysqlclient10-dev_3.23.49-8.7_s390.deb
      Size/MD5 checksum:   607144 0e83a668c929ced395cf3ca606e0f12c
    mysql-client_3.23.49-8.7_s390.deb
      Size/MD5 checksum:   126464 68d3a65090e78b4f55b2a9a462a950fb
    mysql-server_3.23.49-8.7_s390.deb
      Size/MD5 checksum:  2691100 45694091af758ba8caa1a377770f21f8

  Sun Sparc architecture:

    libmysqlclient10_3.23.49-8.7_sparc.deb
      Size/MD5 checksum:   241270 4e646c1bb89ead3639a17687841520c2
    libmysqlclient10-dev_3.23.49-8.7_sparc.deb
      Size/MD5 checksum:   615778 d8c22eaba1f675ee99e5b86f3eedbd5e
    mysql-client_3.23.49-8.7_sparc.deb
      Size/MD5 checksum:   130430 fbd382e2af812d545810ea0dd3813ad6
    mysql-server_3.23.49-8.7_sparc.deb
      Size/MD5 checksum:  2939782 9094961028c0f5d32fa1c5aebf5beec2

  These files will probably be moved into the stable distribution on
  its next update.

--------------------------------------------------------------------------------
-
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-securitydists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (GNU/Linux)

iD8DBQFBIwmqW5ql+IAeqTIRAi1+AJ9gPrR8ovOY2w4y1uYPMRDCaj1lKQCdE4aO
yQ846+VXr8T4FUQG/3x2jb0=
=/XFC
-----END PGP SIGNATURE-----


-- 
To UNSUBSCRIBE, email to debian-security-announce-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact
 listmaster@lists.debian.org
Pro-Linux
Pro-Linux @Facebook
Neue Nachrichten

141
Mach­t's gut!

51
Neue Raspber­ry Pi-Va­ri­an­te mit 8 GB RAM

0
Genode 20.05 frei­ge­ge­ben

9
Sub­ver­si­on 1.14.0-LTS vor­ge­stellt

0
»Hum­ble Ci­ties: Sky­lines Bund­le« vor­ge­stellt

0
End of Life für Co­reOS Con­tai­ner Linux ver­kün­det

32
Elek­tra 0.9.2 er­schie­nen

8
Nex­tDNS ver­lässt die Be­ta-Pha­se

23
Tu­xe­do stellt Ga­mer-Note­book vor

0
Libre Gra­phics Mee­ting be­ginnt als On­li­ne-Va­ri­an­te
 
Werbung