• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

Conectiva Linux MySQL World Readable Log File Vulnerability

MySQL is a relational database management system (RDBMS), freely available and open source. It is maintained by MySQL AB.

All queries made to the database are stored in the /var/log/mysql file, queries logged include user creation, password changes etc. Due to a flaw in the implementation of MySQL, the mysql file is stored as world readable, potentially disclosing sensitive information to local attackers.

It has been reported that only Conectiva Linux's implementation of MySQL incorrectly leaves the permissions of this file as world readable.