[RedHat] Unsicheres Anlegen temporaerer Dateien durch MySQL in RedHat Enterprise Linux 3.0 - RHSA-2004:569-01

win-sec-ssc at dfn-cert.de win-sec-ssc at dfn-cert.de
Thu Oct 21 14:08:21 CEST 2004


-----BEGIN PGP SIGNED MESSAGE-----

Liebe Kolleginnen und Kollegen,

soeben erreichte uns nachfolgendes RedHat Security Advisory. Wir geben
diese Informationen unveraendert an Sie weiter.

CAN-2004-0381 - Unsicheres Anlegen von temporaeren Dateien durch mysqlbug

   Das Skript mysqlbug von MySQL legt temporaere Dateien unsicher an. Ein
   lokaler Angreifer kann diese Schwachstelle durch symbolische Links
   ausnutzen, um beliebige Dateien mit den Rechten des MySQL Servers
   (haeufig root) zu ueberschreiben.

CAN-2004-0388 - Unsicheres Anlegen von temporaeren Dateien durch mysqld_multi

   Das Skript mysqld_multi von MySQL legt temporaere Dateien unsicher an.
   Ein lokaler Angreifer kann diese Schwachstelle durch symbolische Links
   ausnutzen, um beliebige Dateien mit den Rechten des MySQL Servers
   (haeufig root) zu ueberschreiben.

CAN-2004-0457 - Race Condition bein Anlegen von temporaeren Dateien in mysqlhotcopy

   Das Skript mysqlhotcopy erzeugt eine temporaere Datei auf unsichere
   Weise. Ein lokaler Angreifer kann dadurch unter Umstaenden beliebige
   Dateien des betroffenen Systems ueberschreiben. Das Skript
   mysqlhotcopy ist Teil des MySQL-Paketes und wird verwendet, um die
   Datenbank zur Laufzeit zu Replizieren.

Betroffen ist das Paket mysql auf den folgenden Plattformen:

   Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, ppc64, s390, s390x, x86_64
   Red Hat Desktop version 3 - i386, x86_64
   Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
   Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64

Vom Hersteller werden ueberarbeitete Pakete zur Verfuegung gestellt.

(c) der deutschen Zusammenfassung bei DFN-CERT Services GmbH; die
Verbreitung, auch auszugsweise, ist nur unter Hinweis auf den Urheber,
DFN-CERT Services GmbH, und nur zu nicht kommerziellen Zwecken
gestattet.

Mit freundlichen Gruessen,
    Andreas Bunten, DFN-CERT

- -- 
Andreas Bunten (CSIRT), DFN-CERT Services GmbH
https://www.dfn-cert.de/, +49 40 808077-617


- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- - ---------------------------------------------------------------------
                    Red Hat Security Advisory

Synopsis:          Updated mysql packages fix minor security issues and bugs
Advisory ID:       RHSA-2004:569-01
Issue date:        2004-10-20
Updated on:        2004-10-20
Product:           Red Hat Enterprise Linux
CVE Names:         CAN-2004-0381 CAN-2004-0388 CAN-2004-0457
- - ---------------------------------------------------------------------

1. Summary:

Updated mysql packages that fix various temporary file security issues,
as well as a number of bugs, are now available.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, ppc64, s390, s390x, x86_64
Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64

3. Problem description:

MySQL is a multi-user, multi-threaded SQL database server.

This update fixes a number of small bugs, including some potential
security problems associated with careless handling of temporary files.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the names CAN-2004-0381, CAN-2004-0388, and CAN-2004-0457 to these
issues.

A number of additional security issues that affect mysql have been
corrected in the source package.  These include CAN-2004-0835,
CAN-2004-0836, CAN-2004-0837, and CAN-2004-0957.  Red Hat Enterprise Linux
3 does not ship with the mysql-server package and is therefore not affected
by these issues.

This update also allows 32-bit and 64-bit libraries to be installed
concurrently on the same system.

All users of mysql should upgrade to these updated packages, which resolve
these issues.

4. Solution:

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.  Use Red Hat
Network to download and update your packages.  To launch the Red Hat
Update Agent, use the following command:

     up2date

For information on how to install packages manually, refer to the
following Web page for the System Administration or Customization
guide specific to your system:

     http://www.redhat.com/docs/manuals/enterprise/

5. Bug IDs fixed (http://bugzilla.redhat.com/ for more info):

58732 - /etc/init.d/mysqld doesn't wait for server to start
108779 - Always timeout error starting MySQL Daemon
117017 - RHEL2.1: removing mysql-server does not remove the mysql user.
115165 - botched string concat ?
113960 - [PATCH] Bug fix + enhancement for mysql_setpermission
112693 - mysqlhotcopy of local Fedora DB broken after upgrade from RH9
102190 - specfile contains improper log details in %files
124352 - Cannot drop databases
119442 - CAN-2004-0381 mysqlbug temporary file vulnerability
130348 - CAN-2004-0457 mysqlhotcopy insecure temporary file vulnerability
128852 - database service should start earlier
129409 - linking with 'mysql --libs' doesent seem to work correctly.
133993 - Service mysqld restart
135387 - CAN-2004-0835 MySQL flaws (CAN-2004-0836, CAN-2004-0837, CAN-2004-0957)

6. RPMs required:

Red Hat Enterprise Linux AS version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/mysql-3.23.58-2.3.src.rpm
3fea570d29c4a66fd5578705fd3a5f08  mysql-3.23.58-2.3.src.rpm

i386:
a5291f0504a64c7640818b554b2ec268  mysql-3.23.58-2.3.i386.rpm
d8d9f29055d4f9ac2bd0c577cf3c9f1a  mysql-bench-3.23.58-2.3.i386.rpm
942437a7d22c99a96ccbc1fe30e01857  mysql-devel-3.23.58-2.3.i386.rpm

ia64:
273e64f3bc444f642cc27e149047e88b  mysql-3.23.58-2.3.ia64.rpm
a5291f0504a64c7640818b554b2ec268  mysql-3.23.58-2.3.i386.rpm
035537b43e8860f4713bb8ba2f434376  mysql-bench-3.23.58-2.3.ia64.rpm
b10cfeaa55f652962f424036f6dd169b  mysql-devel-3.23.58-2.3.ia64.rpm

ppc:
22972cd7c174cd85e0c08cf6232d90c2  mysql-3.23.58-2.3.ppc.rpm
3d2f07341d89c5793f56dc9879b4c4e6  mysql-bench-3.23.58-2.3.ppc.rpm
2a3bb5baaecc6f1101d2a9d2c0f0938b  mysql-devel-3.23.58-2.3.ppc.rpm

ppc64:
552fb60408534cc09ea24f7a141a016b  mysql-3.23.58-2.3.ppc64.rpm

s390:
f47fbbc3e354853485c5424dc22ccc8c  mysql-3.23.58-2.3.s390.rpm
973e0714e31de71c0efad0599941bb7e  mysql-bench-3.23.58-2.3.s390.rpm
6efe72cbdabdde4e2d3db8c24d5e8e24  mysql-devel-3.23.58-2.3.s390.rpm

s390x:
e525bd1a40a1157ff99f79006d8447fe  mysql-3.23.58-2.3.s390x.rpm
f47fbbc3e354853485c5424dc22ccc8c  mysql-3.23.58-2.3.s390.rpm
62bc707e3a3a6444e7dad5fd0947249a  mysql-bench-3.23.58-2.3.s390x.rpm
a07377d3c15bcbf4a978676036a04d76  mysql-devel-3.23.58-2.3.s390x.rpm

x86_64:
f11ffaa788c38434a7259bccf485b1a0  mysql-3.23.58-2.3.x86_64.rpm
a5291f0504a64c7640818b554b2ec268  mysql-3.23.58-2.3.i386.rpm
9c20d57a7c724de9cd30a7a8be88fa1e  mysql-bench-3.23.58-2.3.x86_64.rpm
14a7a2b00486de17c287bf90010b7377  mysql-devel-3.23.58-2.3.x86_64.rpm

Red Hat Desktop version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3desktop/en/os/SRPMS/mysql-3.23.58-2.3.src.rpm
3fea570d29c4a66fd5578705fd3a5f08  mysql-3.23.58-2.3.src.rpm

i386:
a5291f0504a64c7640818b554b2ec268  mysql-3.23.58-2.3.i386.rpm
d8d9f29055d4f9ac2bd0c577cf3c9f1a  mysql-bench-3.23.58-2.3.i386.rpm
942437a7d22c99a96ccbc1fe30e01857  mysql-devel-3.23.58-2.3.i386.rpm

x86_64:
f11ffaa788c38434a7259bccf485b1a0  mysql-3.23.58-2.3.x86_64.rpm
a5291f0504a64c7640818b554b2ec268  mysql-3.23.58-2.3.i386.rpm
9c20d57a7c724de9cd30a7a8be88fa1e  mysql-bench-3.23.58-2.3.x86_64.rpm
14a7a2b00486de17c287bf90010b7377  mysql-devel-3.23.58-2.3.x86_64.rpm

Red Hat Enterprise Linux ES version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/mysql-3.23.58-2.3.src.rpm
3fea570d29c4a66fd5578705fd3a5f08  mysql-3.23.58-2.3.src.rpm

i386:
a5291f0504a64c7640818b554b2ec268  mysql-3.23.58-2.3.i386.rpm
d8d9f29055d4f9ac2bd0c577cf3c9f1a  mysql-bench-3.23.58-2.3.i386.rpm
942437a7d22c99a96ccbc1fe30e01857  mysql-devel-3.23.58-2.3.i386.rpm

ia64:
273e64f3bc444f642cc27e149047e88b  mysql-3.23.58-2.3.ia64.rpm
a5291f0504a64c7640818b554b2ec268  mysql-3.23.58-2.3.i386.rpm
035537b43e8860f4713bb8ba2f434376  mysql-bench-3.23.58-2.3.ia64.rpm
b10cfeaa55f652962f424036f6dd169b  mysql-devel-3.23.58-2.3.ia64.rpm

x86_64:
f11ffaa788c38434a7259bccf485b1a0  mysql-3.23.58-2.3.x86_64.rpm
a5291f0504a64c7640818b554b2ec268  mysql-3.23.58-2.3.i386.rpm
9c20d57a7c724de9cd30a7a8be88fa1e  mysql-bench-3.23.58-2.3.x86_64.rpm
14a7a2b00486de17c287bf90010b7377  mysql-devel-3.23.58-2.3.x86_64.rpm

Red Hat Enterprise Linux WS version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3WS/en/os/SRPMS/mysql-3.23.58-2.3.src.rpm
3fea570d29c4a66fd5578705fd3a5f08  mysql-3.23.58-2.3.src.rpm

i386:
a5291f0504a64c7640818b554b2ec268  mysql-3.23.58-2.3.i386.rpm
d8d9f29055d4f9ac2bd0c577cf3c9f1a  mysql-bench-3.23.58-2.3.i386.rpm
942437a7d22c99a96ccbc1fe30e01857  mysql-devel-3.23.58-2.3.i386.rpm

ia64:
273e64f3bc444f642cc27e149047e88b  mysql-3.23.58-2.3.ia64.rpm
a5291f0504a64c7640818b554b2ec268  mysql-3.23.58-2.3.i386.rpm
035537b43e8860f4713bb8ba2f434376  mysql-bench-3.23.58-2.3.ia64.rpm
b10cfeaa55f652962f424036f6dd169b  mysql-devel-3.23.58-2.3.ia64.rpm

x86_64:
f11ffaa788c38434a7259bccf485b1a0  mysql-3.23.58-2.3.x86_64.rpm
a5291f0504a64c7640818b554b2ec268  mysql-3.23.58-2.3.i386.rpm
9c20d57a7c724de9cd30a7a8be88fa1e  mysql-bench-3.23.58-2.3.x86_64.rpm
14a7a2b00486de17c287bf90010b7377  mysql-devel-3.23.58-2.3.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and 
details on how to verify the signature are available from
https://www.redhat.com/security/team/key.html#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0381
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0388
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0457

8. Contact:

The Red Hat security contact is <secalert at redhat.com>.  More contact
details at https://www.redhat.com/security/team/contact.html

Copyright 2004 Red Hat, Inc.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQFBdsC+XlSAg2UNWIIRAtqpAKC5PDXwBDy+Se6OgTYSIe4AJtSP5QCeOuAp
dU4BbLANx/21TUx8It8HBsM=
=chW6
- -----END PGP SIGNATURE-----

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2i

iQEVAgUBQXekFSgU04YpslABAQGkVwf/TqWo7jnHCTY+yz7wXyhGcazpkarI2M7Y
GcJiw5JtCJ5Uqc3OuhJgqVSMg7lJtkdwsK53vK2vYIFSPF/Yaa8W1fH/ACs5xw4G
1FOWHy7NkkEAUjQILOj7Lk2GQN3y8OVnszZPQIiXoch2lQCzQdpJj5RC5UOUJboB
vDgE/4hQinmmbOwSD6EzHNUsrxABmF9K+Id7TWmBWWj7cuQ+bbB7QzYJNSwJSrpv
hcW1M4ujTM1qdbIBCfEw/RwKSNgNXsu7pgA6nE7jlTj8MRYziEre800GzfvHubiL
sBnzcTehv4RIbNPZrz5IIg/Tg6dWi4eTUD80s74Lk6NbHZX8WVyPqA==
=Qunb
-----END PGP SIGNATURE-----






More information about the Security-Announce mailing list