FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

mysql -- mysqlhotcopy insecure temporary file creation

Affected packages
mysql-scripts <= 3.23.58
4 < mysql-scripts <= 4.0.20
4.1 < mysql-scripts <= 4.1.3
5 < mysql-scripts <= 5.0.0_1

Details

VuXML ID 0c4d5973-f2ab-11d8-9837-000c41e2cdad
Discovery 2004-08-18
Entry 2004-08-22

According to Christian Hammers:

[mysqlhotcopy created] temporary files in /tmp which had predictable filenames and such could be used for a tempfile run attack.

[source]

Jeroen van Wolffelaar is credited with discovering the issue.

References

CVE Name CVE-2004-0457
Message http://lists.mysql.com/internals/15185
URL http://www.debian.org/security/2004/dsa-540

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.