Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Wed, 11 Nov 2009 12:48:44 -0500 (EST)
From: Josh Bressers <>
To: oss-security <>
Cc: coley <>,
Subject: CVE assignment and second opinion needed

Hi Steve,

So this one is a bit tricky.

There are almost two flaws here, certainly one. The issue really boils down to
if /var/lib/mysql is world readable, it's possible for a local user who also
has database access, and can guess a future database table name, could ensure
that table will be a world writable file. That's an impressive runon sentence.

So The question I have with respect to CVE assignment, is which part of this
is worth of the ID. I'm thinking the directory permissions are possibly an
issue, but by itself, isn't really a security flaw.

The CREATE TABLE not fixing permissions if the file already exists is probably
closer to the real problem. Being able to do a select into an outfile anywhere
by default may also be an issue.

I'm CCing Sergei Golubchik from MySQL who reported this to the packagers list
so he can weigh in if I'm wrong (which is very possible).

Also, Sergei, do you folks have a fix for this yet? I'm curious to see what
you're fixing, which may help decide CVE assignment.



Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.