Nessus Plugin #14343
Plugin Index
Note: This file has been created from a
downloaded version of the Nessus Plugins
from
http://www.nessus.org/.
Therefore, the information here can be outdated.
MySQL mysqlhotcopy script insecure temporary file
- Family:
- Misc.
- Category:
- infos
- Copyright:
- This script is Copyright (C) 2004 David Maciejak
- Summary:
- Checks for the remote MySQL version
- Version:
- $Revision: 1.2 $
- Cve_id:
- CAN-2004-0457
- Bugtraq_id:
- 10969
- Xrefs:
- -
- Description:
You are running a version of MySQL which is older than version 4.0.21.
mysqlhotcopy is reported to contain an insecure temporary file creation
vulnerability.
The result of this is that temporary files created by the application may
use predictable filenames.
A local attacker may also possibly exploit this vulnerability to execute
symbolic link file overwrite attacks.
*** Note : this vulnerability is local only
Risk factor : Medium
Solution : Upgrade to the latest version of MySQL 4.0.21 or newer
Generiert am 27.04.2005 um 18:49:54 Uhr.