Bug#: 60744
Status: RESOLVED
Resolution: FIXED
Assigned To: Gentoo Security <security@gentoo.org>
Reporter: Matthias Geerdsen <vorlon@gentoo.org>

Description:   Opened: 2004-08-18 01:20 0000
CAN-2004-0457
http://lists.mysql.com/internals/15185 has the patch Debian used according to the changelog of the stable version:

"mysql (3.23.49-8.7) stable-security; urgency=high

  * Non-maintainer upload by the Security Team
  * Applied upstream patch by Sergei Golubchik <serg@mysql.com> to fix
    insecure temporary file creation [scripts/mysqlhotcopy.sh,
    http://lists.mysql.com/internals/15185, CAN-2004-0457]

 -- Martin Schulze <joey@infodrom.org>  Sat, 14 Aug 2004 17:24:09 +0200"


and:

http://packages.debian.org/changelogs/pool/main/m/mysql-dfsg/mysql-dfsg_4.0.20-11/changelog

"mysql-dfsg (4.0.20-11) unstable; urgency=high

  * SECURITY
    This version fixes a security flaw in mysqlhotcopy which created
    temporary files in /tmp which had predictable filenames and such
    could be used for a tempfile run attack.
    The issue has been recorded as CAN-2004-0457.

 -- Christian Hammers <ch@debian.org>  Sat, 14 Aug 2004 18:27:19 +0200"

Reproducible: Always
Steps to Reproduce:

------- Comment #1 From Sune Kloppenborg Jeppesen 2004-08-23 11:48:30 0000 -------
mysql-bugs please provide an updated ebuild.

------- Comment #2 From Robin Johnson 2004-08-23 13:31:28 0000 -------
in cvs now.
3.23.58-r1
4.0.20-r1

------- Comment #3 From Sune Kloppenborg Jeppesen 2004-08-23 13:41:48 0000 -------
Arches please mark stable.

Target keywords:

3.23.58-r1 alpha hppa ppc sparc x86

4.0.20-r1 alpha amd64 arm hppa ia64 mips ppc ppc64 s390 sparc x86

------- Comment #4 From Jason Wever (RETIRED) 2004-08-23 21:37:31 0000 -------
Package maintainers, is it possible to test a test case or two that would show
this is indeed fixed?

Security, sorry for sounding like a broken record ;)

------- Comment #5 From Robin Johnson 2004-08-23 23:41:14 0000 -------
weeve: I don't even know anybody that uses the affected utility, much less be
able to produce a halfway usable testcase for it. This is one of the times I'd
say that so long as the fixed code is in the mysqlhotcopy script, I'd have to
leave it at that.

------- Comment #6 From Pieter Van den Abeele 2004-08-24 10:42:28 0000 -------
masked stable on ppc.

------- Comment #7 From Gustavo Zacarias (RETIRED) 2004-08-24 14:44:38 0000 -------
3.23.58-r1 & 4.0.20-r1 sparc stable.
The test case can be done in a simple way, use mysqlhotcopy to copy (sic) a big db, so as to have time to kill the process and check the resulting non-cleaned up temporary file it uses.
Otherwise you can play with an strace, but it's a torture.
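
A self-contained regression check for the flaw class described in this bug (predictable temporary filenames in /tmp), added here as an illustration; it is not part of the bug thread, the ebuild, or the upstream patch. The filename pattern `hotcopy_tmp.<pid>`, the PID value and the target file are assumptions made for the example, and a private sandbox directory stands in for /tmp.

```python
import os
import tempfile

NAME = "hotcopy_tmp.%d"  # hypothetical predictable pattern, not the script's real one

def create_predictable(directory, pid):
    """'Before' pattern: guessable name; plain open() follows an existing symlink."""
    with open(os.path.join(directory, NAME % pid), "w") as fh:
        fh.write("scratch\n")

def create_exclusive(directory, pid):
    """Same name, but O_CREAT|O_EXCL fails if anything, even a symlink, is there."""
    path = os.path.join(directory, NAME % pid)
    os.close(os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600))

def create_random(directory):
    """mkstemp: unpredictable name, created with O_EXCL and mode 0600."""
    fd, path = tempfile.mkstemp(prefix="hotcopy_", dir=directory)
    os.close(fd)
    return path

def run_regression(pid=4242):  # constructed PID
    """Run each strategy against a pre-existing symlink; return the outcomes."""
    out = {}
    with tempfile.TemporaryDirectory() as sandbox:  # private stand-in for /tmp
        target = os.path.join(sandbox, "important.cnf")
        link = os.path.join(sandbox, NAME % pid)
        def reset():  # restore the target file and re-create the symlink
            with open(target, "w") as fh:
                fh.write("important\n")
            if os.path.lexists(link):
                os.unlink(link)
            os.symlink(target, link)
        def intact():
            with open(target) as fh:
                return fh.read() == "important\n"

        reset()
        create_predictable(sandbox, pid)
        out["predictable_overwrote_target"] = not intact()
        reset()
        try:
            create_exclusive(sandbox, pid)
            out["exclusive_refused"] = False
        except FileExistsError:
            out["exclusive_refused"] = True
        out["target_intact_after_exclusive"] = intact()
        out["mkstemp_mode"] = os.stat(create_random(sandbox)).st_mode & 0o777
    return out
```

Calling `run_regression()` returns a dictionary of outcomes; a fixed script should behave like the exclusive or `mkstemp` variants, never like the predictable one.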

------- Comment #8 From Hardave Riar (RETIRED) 2004-08-24 20:25:07 0000 -------
Stable on mips

------- Comment #9 From Bryan Østergaard (RETIRED) 2004-08-25 09:18:40 0000 -------
Stable on alpha.

------- Comment #10 From SpanKY 2004-08-25 22:29:48 0000 -------
moved to stable for arm/hppa/amd64/ia64

------- Comment #11 From Sune Kloppenborg Jeppesen 2004-08-28 15:51:30 0000 -------
***bump***
Arches please mark stable
***bump***

------- Comment #12 From Robin Johnson 2004-08-28 21:56:49 0000 -------
done on x86.

------- Comment #13 From Thierry Carrez (RETIRED) 2004-09-01 08:46:26 0000 -------
GLSA 200409-02
ppc64, s390 : please mark mysql-4.0.20-r1 stable to benefit from that GLSA.

------- Comment #14 From Tom Gall 2004-09-26 20:53:27 0000 -------
fixed on ppc64 
