Your message dated Tue, 18 Jan 2005 18:02:41 -0500
with message-id <[EMAIL PROTECTED]>
and subject line Bug#291122: fixed in mysql-dfsg-4.1 4.1.8a-6
has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)
Debian bug tracking system administrator
(administrator, Debian Bugs database)
--------------------------------------
Received: (at submit) by bugs.debian.org; 18 Jan 2005 21:38:20 +0000
>From [EMAIL PROTECTED] Tue Jan 18 13:38:20 2005
Return-path: <[EMAIL PROTECTED]>
Received: from kitenet.net [64.62.161.42] (postfix)
by spohr.debian.org with esmtp (Exim 3.35 1 (Debian))
id 1Cr13M-0006Pq-00; Tue, 18 Jan 2005 13:38:20 -0800
Received: from dragon.kitenet.net (unknown [66.168.94.144])
(using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
(Client CN "Joey Hess", Issuer "Joey Hess" (verified OK))
by kitenet.net (Postfix) with ESMTP id 6AB5417ED6
for <[EMAIL PROTECTED]>; Tue, 18 Jan 2005 21:38:19 +0000 (GMT)
Received: by dragon.kitenet.net (Postfix, from userid 1000)
id 294126F23C; Tue, 18 Jan 2005 16:40:20 -0500 (EST)
Date: Tue, 18 Jan 2005 16:40:19 -0500
From: Joey Hess <[EMAIL PROTECTED]>
To: Debian Bug Tracking System <[EMAIL PROTECTED]>
Subject: temporary file security hole in mysqlaccess
Message-ID: <[EMAIL PROTECTED]>
Mime-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha1;
protocol="application/pgp-signature"; boundary="QKdGvSO+nmPlgiQ/"
Content-Disposition: inline
X-Reportbug-Version: 3.5
User-Agent: Mutt/1.5.6+20040907i
Delivered-To: [EMAIL PROTECTED]
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02
(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Status: No, hits=-3.0 required=4.0 tests=BAYES_00 autolearn=no
version=2.60-bugs.debian.org_2005_01_02
X-Spam-Level:
--QKdGvSO+nmPlgiQ/
Content-Type: multipart/mixed; boundary="7JfCtLOvnd9MIVvH"
Content-Disposition: inline
--7JfCtLOvnd9MIVvH
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
Package: mysql-dfsg
Severity: grave
Tags: security patch
There is a security hole in the mysqlaccess script, as described here:
http://www.vuxml.org/freebsd/ce109fd4-67f3-11d9-a9e7-0001020eed82.html
I've attached a patch taken from Ubuntu.
-- System Information:
Debian Release: 3.1
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: i386 (i686)
Kernel: Linux 2.4.27
Locale: LANG=3Den_US.UTF-8, LC_CTYPE=3Den_US.UTF-8 (charmap=3DUTF-8)
--=20
see shy jo
--7JfCtLOvnd9MIVvH
Content-Type: text/plain; charset=us-ascii
Content-Disposition: attachment; filename="mysql-dfsg.tempfile"
Content-Transfer-Encoding: quoted-printable
diff -Nur mysql-dfsg-4.0.23/scripts/mysqlaccess.sh mysql-dfsg-4.0.23.new/sc=
ripts/mysqlaccess.sh
--- mysql-dfsg-4.0.23/scripts/mysqlaccess.sh 2005-01-18 13:45:56.363964096 =
+0100
+++ mysql-dfsg-4.0.23.new/scripts/mysqlaccess.sh 2005-01-18
13:46:29.920862=
672 +0100
@@ -3,6 +3,7 @@
package MySQLaccess;
#use strict;
use POSIX qw(tmpnam);
+use File::Temp qw/ tempfile tempdir /;
use Fcntl;
=20
BEGIN {
@@ -32,7 +33,6 @@
$ACCESS_U_BCK =3D 'user_backup'; =20
$ACCESS_D_BCK =3D 'db_backup'; =20
$DIFF =3D '/usr/bin/diff';=20
- $TMP_PATH =3D '/tmp'; #path to writable tmp-directory
$MYSQLDUMP =3D '@bindir@/mysqldump';
#path to mysqldump executable
=20
@@ -583,8 +583,6 @@
push(@MySQLaccess::Grant::Error,'not_found_mysql') if !(-x $MYSQL);
push(@MySQLaccess::Grant::Error,'not_found_diff') if !(-x $DIFF);
push(@MySQLaccess::Grant::Error,'not_found_mysqldump') if !(-x $MYSQLDUMP);
-push(@MySQLaccess::Grant::Error,'not_found_tmp') if !(-d $TMP_PATH);
-push(@MySQLaccess::Grant::Error,'write_err_tmp') if !(-w $TMP_PATH);
if (@MySQLaccess::Grant::Error) {
MySQLaccess::Report::Print_Error_Messages() ;
exit 0;
@@ -1783,9 +1781,10 @@
@before =3D sort(@before);
@after =3D sort(@after);
=20
- $before =3D "$MySQLaccess::TMP_PATH/$MySQLaccess::script.before.$$";
- $after =3D "$MySQLaccess::TMP_PATH/$MySQLaccess::script.after.$$";
- #$after =3D "/tmp/t0";
+ $before =3D new File::Temp ( Template =3D> "$MySQLaccess::script.XXXXXX=
", SUFFIX =3D> ".before" ) or
+ die "Cannot create temporary file: $!" ;
+ $after =3D new File::Temp ( Template =3D> "$MySQLaccess::script.XXXXXX"=
, SUFFIX =3D> ".after" ) or=20
+ die "Cannot create temporary file: $!" ;
open(BEFORE,"> $before") ||
push(@MySQLaccess::Report::Errors,"Can't open temporary file $before f=
or writing");
open(AFTER,"> $after") ||
--7JfCtLOvnd9MIVvH--
--QKdGvSO+nmPlgiQ/
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature
Content-Disposition: inline
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (GNU/Linux)
iD8DBQFB7YJBd8HHehbQuO8RAv1YAKCHeAhBtCxIVEeNnwJf+h2Gbu65HACgrZJw
Q5PbOblmrU03KJHhJipX2bM=
=+DLB
-----END PGP SIGNATURE-----
--QKdGvSO+nmPlgiQ/--
---------------------------------------
Received: (at 291122-close) by bugs.debian.org; 18 Jan 2005 23:05:44 +0000
>From [EMAIL PROTECTED] Tue Jan 18 15:05:43 2005
Return-path: <[EMAIL PROTECTED]>
Received: from newraff.debian.org [208.185.25.31] (mail)
by spohr.debian.org with esmtp (Exim 3.35 1 (Debian))
id 1Cr2Pv-0003cK-00; Tue, 18 Jan 2005 15:05:43 -0800
Received: from katie by newraff.debian.org with local (Exim 3.35 1 (Debian))
id 1Cr2Mz-0004jw-00; Tue, 18 Jan 2005 18:02:41 -0500
From: Christian Hammers <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
X-Katie: $Revision: 1.55 $
Subject: Bug#291122: fixed in mysql-dfsg-4.1 4.1.8a-6
Message-Id: <[EMAIL PROTECTED]>
Sender: Archive Administrator <[EMAIL PROTECTED]>
Date: Tue, 18 Jan 2005 18:02:41 -0500
Delivered-To: [EMAIL PROTECTED]
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02
(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Status: No, hits=-6.0 required=4.0 tests=BAYES_00,HAS_BUG_NUMBER
autolearn=no version=2.60-bugs.debian.org_2005_01_02
X-Spam-Level:
Source: mysql-dfsg-4.1
Source-Version: 4.1.8a-6
We believe that the bug you reported is fixed in the latest version of
mysql-dfsg-4.1, which is due to be installed in the Debian FTP archive:
libmysqlclient14-dev_4.1.8a-6_i386.deb
to pool/main/m/mysql-dfsg-4.1/libmysqlclient14-dev_4.1.8a-6_i386.deb
libmysqlclient14_4.1.8a-6_i386.deb
to pool/main/m/mysql-dfsg-4.1/libmysqlclient14_4.1.8a-6_i386.deb
mysql-client-4.1_4.1.8a-6_i386.deb
to pool/main/m/mysql-dfsg-4.1/mysql-client-4.1_4.1.8a-6_i386.deb
mysql-common-4.1_4.1.8a-6_all.deb
to pool/main/m/mysql-dfsg-4.1/mysql-common-4.1_4.1.8a-6_all.deb
mysql-dfsg-4.1_4.1.8a-6.diff.gz
to pool/main/m/mysql-dfsg-4.1/mysql-dfsg-4.1_4.1.8a-6.diff.gz
mysql-dfsg-4.1_4.1.8a-6.dsc
to pool/main/m/mysql-dfsg-4.1/mysql-dfsg-4.1_4.1.8a-6.dsc
mysql-server-4.1_4.1.8a-6_i386.deb
to pool/main/m/mysql-dfsg-4.1/mysql-server-4.1_4.1.8a-6_i386.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Christian Hammers <[EMAIL PROTECTED]> (supplier of updated mysql-dfsg-4.1
package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Tue, 18 Jan 2005 23:11:48 +0100
Source: mysql-dfsg-4.1
Binary: libmysqlclient14-dev mysql-common-4.1 libmysqlclient14 mysql-server-4.1
mysql-client-4.1
Architecture: source i386 all
Version: 4.1.8a-6
Distribution: unstable
Urgency: high
Maintainer: Christian Hammers <[EMAIL PROTECTED]>
Changed-By: Christian Hammers <[EMAIL PROTECTED]>
Description:
libmysqlclient14 - mysql database client library
libmysqlclient14-dev - mysql database development files
mysql-client-4.1 - mysql database client binaries
mysql-common-4.1 - mysql database common files (e.g. /etc/mysql/my.cnf)
mysql-server-4.1 - mysql database server binaries
Closes: 291122
Changes:
mysql-dfsg-4.1 (4.1.8a-6) unstable; urgency=high
.
* SECURITY:
Javier Fernandez-Sanguino Pena from the Debian Security Audit Project
discovered a temporary file vulnerability in the mysqlaccess script of
MySQL that could allow an unprivileged user to let root overwrite
arbitrary files via a symlink attack and could also could unveil the
contents of a temporary file which might contain sensitive information.
(CAN-2005-0004, http://lists.mysql.com/internals/20600) Closes: #291122
Files:
457e023dfb9ef8546c6b35558c5074af 977 misc optional mysql-dfsg-4.1_4.1.8a-6.dsc
ac3ccd25ce8d87a58d93c817d7e1728b 150641 misc optional
mysql-dfsg-4.1_4.1.8a-6.diff.gz
07bc9b9f5662c2f49989ec32ce9e11ca 31350 misc optional
mysql-common-4.1_4.1.8a-6_all.deb
eabbfd8c496b66a0e9db633e6d4bcca7 1402206 libs optional
libmysqlclient14_4.1.8a-6_i386.deb
61c5553a0780593085d51601fb961178 2507316 libdevel optional
libmysqlclient14-dev_4.1.8a-6_i386.deb
e8f3e7a625b7cb3d82608c3f6388a3a9 821358 misc optional
mysql-client-4.1_4.1.8a-6_i386.deb
22764a0f454cb270bd26ea33f75377d4 14480332 misc optional
mysql-server-4.1_4.1.8a-6_i386.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (GNU/Linux)
iEYEARECAAYFAkHtkusACgkQkR9K5oahGOYNgACfUAW5Y8viOpFsZgMNZSQGBA9m
xGwAnR1LBuZCSavnH0Vld9bCpdOmKF8o
=GjKA
-----END PGP SIGNATURE-----
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
