Rapid7 Vulnerability & Exploit Database

RHSA-2007:0083: mysql security update

Back to Search

RHSA-2007:0083: mysql security update



Updated MySQL packages for the Red Hat Application Stack comprising the v1.1 release are now available. This update also resolves some minor security issues rated as having low security impact by the Red Hat Security Response Team.

Several minor security issues were found in MySQL: MySQL allowed remote authenticated users to create or access a database when the database name differed only in case from a database for which they had permissions. (CVE-2006-4226) MySQL evaluated arguments in the wrong security context which allowed remote authenticated users to gain privileges through a routine that had been made available using GRANT EXECUTE. (CVE-2006-4227) MySQL allowed a local user to access a table through a previously created MERGE table, even after the user's privileges were revoked for the original table, which might violate intended security policy. (CVE-2006-4031) MySQL allowed authenticated users to cause a denial of service (crash) via a NULL second argument to the str_to_date function. (CVE-2006-3081) MySQL allowed local authenticated users to bypass logging mechanisms via SQL queries that contain the NULL character, which were not properly handled by the mysql_real_query function. (CVE-2006-0903) Users of MySQL should upgrade to these updated packages, which resolve these issues.


  • redhat-upgrade-mysql
  • redhat-upgrade-mysql-bench
  • redhat-upgrade-mysql-devel
  • redhat-upgrade-mysql-server
  • redhat-upgrade-mysql-test

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center