Vulnerability Bulletins |
Privilege escalation in MySQL |
|
Vulnerability classification |
|
Property | Value |
Confidence level | Official |
Impact | Privilege escalation |
Difficulty | Advanced |
Attacker requirements | Remote access with an account |
System information |
|
Property | Value |
Affected vendor | GNU/Linux |
Affected software |
MySQL 3.x; MySQL 4.0.x <= 4.0.23; MySQL 4.1.x <= 4.1.10; MySQL 5.0.x <= 5.0.3 |
Description |
|
The mysqlaccess script in MySQL allows local users to overwrite arbitrary files or read temporary files via a symlink attack on the temporary files. | |
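The bug class described above, shown next to its fix, as an added example that is not mysqlaccess code and is not part of the original bulletin. The file names and the temporary directory standing in for a shared /tmp are constructed for the demonstration.

```python
import os
import stat
import tempfile

def write_predictable(path, data):
    # Vulnerable pattern: plain open() follows a symlink already sitting at `path`.
    with open(path, "w") as fh:
        fh.write(data)

def write_exclusive(path, data):
    # O_CREAT|O_EXCL raises FileExistsError if anything, even a symlink, exists at `path`.
    flags = os.O_WRONLY | os.O_CREAT | os.O_EXCL | getattr(os, "O_NOFOLLOW", 0)
    fd = os.open(path, flags, 0o600)
    with os.fdopen(fd, "w") as fh:
        fh.write(data)

def write_private_temp(data, directory=None):
    # Preferred: mkstemp() picks an unpredictable name and creates it O_EXCL, mode 0600.
    fd, path = tempfile.mkstemp(prefix="scratch.", dir=directory)
    with os.fdopen(fd, "w") as fh:
        fh.write(data)
    return path

def demo():
    out = {}
    with tempfile.TemporaryDirectory() as shared:        # stands in for a shared /tmp
        target = os.path.join(shared, "important.conf")  # constructed file to protect
        guessable = os.path.join(shared, "tool.12345")   # constructed predictable name
        with open(target, "w") as fh:
            fh.write("original")
        os.symlink(target, guessable)                    # link present before the tool runs
        write_predictable(guessable, "scratch data")
        with open(target) as fh:
            out["predictable_overwrote_target"] = fh.read() == "scratch data"
        with open(target, "w") as fh:                    # restore, then try the hardened open
            fh.write("original")
        try:
            write_exclusive(guessable, "scratch data")
            out["exclusive_refused"] = False
        except FileExistsError:
            out["exclusive_refused"] = True
        with open(target) as fh:
            out["target_intact"] = fh.read() == "original"
        private = write_private_temp("scratch data", directory=shared)
        out["private_mode"] = stat.S_IMODE(os.stat(private).st_mode)
    return out

if __name__ == "__main__":
    print(demo())
```

The 0600 mode on the private file addresses the read half of the issue, and the exclusive create addresses the overwrite half.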
Solution |
|
Software update
Debian Linux 3.0 (source, architecture-independent component, Alpha, ARM, Intel IA-32, Intel IA-64, HPPA, Motorola 680x0, big endian MIPS, little endian MIPS, PowerPC, IBM S/390, Sun Sparc): see Debian Security Advisory DSA-647-1 under Additional resources.
Mandrake Linux: Mandrakelinux 10.0 (x86, AMD64), Mandrakelinux 10.1 (x86, X86_64), Corporate Server 2.1 (x86, X86_64), Corporate Server 3.0 (x86, X86_64): see MDKSA-2005:036 under Additional resources.
SUN: SPARC Platform: Solaris 10 with patch 120292-01 or later; x86 Platform: Solaris 10 with patch 120293-01 or later |
|
Standard identifiers |
|
Property | Value |
CVE | CAN-2005-0004 |
BID | |
Additional resources |
|
Debian Security Advisory DSA-647-1: http://www.debian.org/security/2005/dsa-647
Mandrakesoft Security Advisories MDKSA-2005:036: http://www.mandrakesoft.com/security/advisories?name=MDKSA-2005:036
Sun Alert Notification (101864): http://sunsolve.sun.com/search/document.do?assetkey=1-26-101864-1&searchclause=%22category:security%22%20%22availability,%20security%22%20category:security |
Version history |
||
Version | Comment | Date |
1.0 | Advisory issued | 2005-01-20 |
1.1 | Advisory issued by Mandrake (MDKSA-2005:036) | 2005-02-11 |
1.2 | Advisory issued by SUN (101864) | 2005-08-12 |