J-Security Center

Title: MySQL Mysqlhotcopy Script Insecure Temporary File Creation Vulnerability

Severity: LOW

Description:

mysqlhotcopy is a script that is used as a hot-backup utility for local MySQL databases. It is implemented in Perl. This script is part of the mysql-server package.

mysqlhotcopy is reported to contain an insecure temporary file creation vulnerability. As a result, temporary files created by the script may use predictable filenames. This issue presents itself when the 'scp' method is used with the script.

A local attacker may be able to exploit this vulnerability to carry out symbolic link file overwrite attacks. This may allow an attacker to overwrite arbitrary files with the privileges of the targeted user. Privilege escalation may also be possible using this method of attack.

It was confirmed that this issue exists in mysqlhotcopy shipped with MySQL 3.23.49 and 4.0.20. Other versions of MySQL are likely to be affected as well. This BID will be updated as more information becomes available.
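
The predictable-name and symbolic-link problem described above, shown as an added Python example (not mysqlhotcopy's code, which is Perl) that sets the weak creation pattern beside two hardened ones. The file name pattern, the process ID 4242 and the sandbox paths are constructed for illustration; everything runs inside a private temporary directory.

```python
import os
import tempfile
from pathlib import Path

NAME = "hotcopy-{pid}.tmp"  # hypothetical name pattern, not mysqlhotcopy's own

def write_predictable(directory, pid, data):
    """Weak: guessable name; plain open() follows a symlink already at that path."""
    path = os.path.join(directory, NAME.format(pid=pid))
    with open(path, "w") as fh:
        fh.write(data)
    return path

def write_exclusive(directory, pid, data):
    """Same name, but O_CREAT|O_EXCL refuses any existing entry, symlinks included."""
    path = os.path.join(directory, NAME.format(pid=pid))
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "w") as fh:
        fh.write(data)
    return path

def write_mkstemp(directory, data):
    """Preferred: random name, created atomically and readable only by the owner."""
    fd, path = tempfile.mkstemp(prefix="hotcopy-", suffix=".tmp", dir=directory)
    with os.fdopen(fd, "w") as fh:
        fh.write(data)
    return path

def demo():  # runs all three writers against a link pre-planted in a sandbox
    out = {}
    with tempfile.TemporaryDirectory() as sandbox:
        victim = Path(sandbox, "victim.conf")
        shared = Path(sandbox, "shared-tmp")  # stands in for a world-writable /tmp
        shared.mkdir()
        pid = 4242  # constructed stand-in for a guessable process ID
        os.symlink(victim, shared / NAME.format(pid=pid))
        victim.write_text("original")
        try:
            write_exclusive(shared, pid, "scratch")
            out["exclusive_refused"] = False
        except FileExistsError:
            out["exclusive_refused"] = True
        safe = write_mkstemp(shared, "scratch")
        out["victim_intact"] = victim.read_text() == "original"
        out["mkstemp_mode"] = oct(os.stat(safe).st_mode & 0o777)
        write_predictable(shared, pid, "scratch")  # weak writer goes last
        out["weak_clobbered_victim"] = victim.read_text() == "scratch"
    return out

print(demo())
```

Only the weak writer changes the file behind the link; the exclusive open fails with FileExistsError and mkstemp never touches the guessed name.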

Affected Products:

  • Debian Linux 3.0.0 alpha
  • Debian Linux 3.0.0 arm
  • Debian Linux 3.0.0 hppa
  • Debian Linux 3.0.0 ia-32
  • Debian Linux 3.0.0 ia-64
  • Debian Linux 3.0.0 m68k
  • Debian Linux 3.0.0 mips
  • Debian Linux 3.0.0 mipsel
  • Debian Linux 3.0.0 ppc
  • Debian Linux 3.0.0 s/390
  • Debian Linux 3.0.0 sparc
  • Gentoo Linux 0.5.0
  • Gentoo Linux 0.7.0
  • Gentoo Linux 1.1.0 A
  • Gentoo Linux 1.2.0
  • Gentoo Linux 1.4.0
  • Gentoo Linux 1.4.0 _rc1
  • Gentoo Linux 1.4.0 _rc2
  • Gentoo Linux 1.4.0 _rc3
  • MandrakeSoft Corporate Server 2.1.0
  • MandrakeSoft Corporate Server 2.1.0 x86_64
  • MandrakeSoft Linux Mandrake 10.0.0
  • MandrakeSoft Linux Mandrake 10.0.0 amd64
  • MandrakeSoft Linux Mandrake 10.1.0
  • MandrakeSoft Linux Mandrake 10.1.0 x86_64
  • MandrakeSoft Linux Mandrake 9.2.0
  • MandrakeSoft Linux Mandrake 9.2.0 amd64
  • MySQL AB MySQL 3.23.49
  • MySQL AB MySQL 4.0.20
  • RedHat Desktop 3.0.0
  • RedHat Enterprise Linux AS 3
  • RedHat Enterprise Linux ES 3
  • RedHat Enterprise Linux WS 3
  • RedHat Fedora Core1
  • RedHat Linux 7.3.0
  • RedHat Linux 7.3.0 i386
  • RedHat Linux 7.3.0 i686
  • RedHat Linux 9.0.0 i386
  • S.u.S.E. Linux 8.0.0
  • S.u.S.E. Linux 8.1.0
  • S.u.S.E. Linux Personal 8.2.0
  • S.u.S.E. Linux Personal 9.0.0
  • S.u.S.E. Linux Personal 9.0.0 x86_64
  • S.u.S.E. Linux Personal 9.1.0
  • S.u.S.E. Linux Personal 9.2.0
  • Ubuntu Ubuntu Linux 4.1.0 ia32
  • Ubuntu Ubuntu Linux 4.1.0 ia64
  • Ubuntu Ubuntu Linux 4.1.0 ppc
