List: oss-security
Subject: Re: [oss-security] mysql-5.1.41
From: Tomas Hoger <thoger () redhat ! com>
Date: 2009-12-17 16:01:59
Message-ID: 20091217170159.3593e2af () redhat ! com
On Thu, 17 Dec 2009 16:28:16 +0100 Sergei Golubchik <serg@mysql.com>
wrote:
> > > Name: CVE-2009-4030
> > >
> > > MySQL 5.1.x before 5.1.41 allows local users to bypass certain
> > > privilege checks by calling CREATE TABLE on a MyISAM table with
> > > modified (1) DATA DIRECTORY or (2) INDEX DIRECTORY arguments that are
> > > originally associated with pathnames without symlinks, and that can
> > > point to tables created at a future time at which a pathname is
> > > modified to contain a symlink to a subdirectory of the MySQL data home
> > > directory, related to incorrect calculation of the
> > > mysql_unpacked_real_data_home value. NOTE: this vulnerability exists
> > > because of an incomplete fix for CVE-2008-4098 and CVE-2008-2079.
> >
> > This problem is limited to situation where --datadir gets a relative
> > path not starting with '.' and current working directory is not
> > --basedir, right?
>
> You mean the last problem in the bug report ?
> Yes.

The "Fixed a initialization order remark by Serg" fix, problem pointed
out in your comment dated as "[14 Jul 15:53] Sergei Golubchik".

As when you use full path for --datadir, it's correctly expanded using
realpath. Relative paths starting with '.' are expected to be resolved
from CWD. I've not checked paths starting with '~', they may be
affected by this problem too.

Thank you for clarifications / confirmations!
--
Tomas Hoger / Red Hat Security Response Team
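
Added example, not part of the original message and not MySQL's code: a Python model of the case discussed above, where a relative --datadir not starting with '.' is canonicalised from the wrong directory, so a check for table directories that point into the data home misses a symlink. It assumes such paths are meant relative to --basedir; the function names and the directory layout are constructed for illustration.

```python
import os
import tempfile

def canonical_datadir(datadir, basedir, cwd):
    """Canonicalise --datadir by the rules discussed in the thread.
    Absolute paths are taken as given and paths starting with '.' resolve
    from the working directory. ASSUMPTION: any other relative path is
    meant relative to --basedir. realpath then resolves symlinks.
    """
    if os.path.isabs(datadir):
        anchored = datadir
    elif datadir.startswith("."):
        anchored = os.path.join(cwd, datadir)
    else:
        anchored = os.path.join(basedir, datadir)
    return os.path.realpath(anchored)

def cwd_anchored_datadir(datadir, cwd):
    """Simplified model of the miscalculation: always resolve from CWD."""
    return os.path.realpath(os.path.join(cwd, datadir))

def points_into(data_home, table_dir):
    """True when table_dir, with symlinks resolved, lies inside data_home."""
    target = os.path.realpath(table_dir)
    return os.path.commonpath([data_home, target]) == data_home

def demo():
    """Constructed layout: <root>/mysql/data/otherdb and a symlink into it."""
    with tempfile.TemporaryDirectory() as tmp:
        root = os.path.realpath(tmp)
        basedir = os.path.join(root, "mysql")
        cwd = os.path.join(root, "elsewhere")  # server not started in basedir
        os.makedirs(os.path.join(basedir, "data", "otherdb"))
        os.makedirs(cwd)
        link = os.path.join(root, "link")      # stands in for DATA DIRECTORY
        os.symlink(os.path.join(basedir, "data", "otherdb"), link)
        good = canonical_datadir("data", basedir, cwd)
        bad = cwd_anchored_datadir("data", cwd)
        return {
            "caught_with_basedir_home": points_into(good, link),
            "caught_with_cwd_home": points_into(bad, link),
            "dot_relative_is_cwd": canonical_datadir("./data", basedir, cwd)
                                   == os.path.join(cwd, "data"),
        }

if __name__ == "__main__":
    print(demo())
```

With the data home anchored at the working directory, the symlinked directory no longer compares as inside it, so a check built on that value lets the path through.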