Package: mysql-dfsg Version: unavailable; reported 2005-03-11 Severity: grave Tags: security
Stefano Di Paola discovered that MySQL is vulnerable to a symlink attack if an authenticated user has CREATE TEMPORARY TABLE privileges on any existent database. There does not seem to be a CVE assignment yet. The full advisory can be found at: http://archives.neohapsis.com/archives/vulnwatch/2005-q1/0082.html The advisory claims that MySQL has released a fix, and new upstream releases (4.0.24 and 4.1.10a), which haven't appeared on mysql.com yet. Cheers, Moritz -- System Information: Debian Release: 3.0 Architecture: i386 Kernel: Linux anton 2.4.29-univention.1 #1 SMP Thu Jan 27 17:08:46 CET 2005 i686 Locale: [EMAIL PROTECTED], [EMAIL PROTECTED] -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
