Vulnerability & Exploit Database

Back to search

CESA-2007:1155: RHSA-2007:1155

Severity CVSS Published Added Modified
7 (AV:N/AC:H/Au:S/C:C/I:C/A:C) December 10, 2007 March 12, 2010 August 29, 2017


Important: mysql security updateMySQL is a multi-user, multi-threaded SQL database server. MySQL is aclient/server implementation consisting of a server daemon (mysqld), andmany different client programs and libraries.A flaw was found in a way MySQL handled symbolic links when database tableswere created with explicit "DATA" and "INDEX DIRECTORY" options. Anauthenticated user could create a table that would overwrite tables inother databases, causing destruction of data or allowing the user toelevate privileges. (CVE-2007-5969)A flaw was found in a way MySQL's InnoDB engine handled spatial indexes. Anauthenticated user could create a table with spatial indexes, which are notsupported by the InnoDB engine, that would cause the mysql daemon to crashwhen used. This issue only causes a temporary denial of service, as themysql daemon will be automatically restarted after the crash.(CVE-2007-5925)All mysql users are advised to upgrade to these updated packages, whichcontain backported patches to resolve these issues.

Free Nexpose Download

Discover, prioritize, and remediate security risks today!

 Download now




Related Vulnerabilities