Rapid7 Vulnerability & Exploit Database

RHSA-2008:0364: mysql security and bug fix update

Back to Search

RHSA-2008:0364: mysql security and bug fix update



MySQL is a multi-user, multi-threaded SQL database server. MySQL is aclient/server implementation consisting of a server daemon (mysqld), andmany different client programs and libraries.MySQL did not require privileges such as "SELECT" for the source table in a"CREATE TABLE LIKE" statement. An authenticated user could obtain sensitiveinformation, such as the table structure. (CVE-2007-3781)A flaw was discovered in MySQL that allowed an authenticated user to gainupdate privileges for a table in another database, via a view that refersto the external table. (CVE-2007-3782)MySQL did not require the "DROP" privilege for "RENAME TABLE" statements.An authenticated user could use this flaw to rename arbitrary tables.(CVE-2007-2691)A flaw was discovered in the mysql_change_db function when returning fromSQL SECURITY INVOKER stored routines. An authenticated user could use thisflaw to gain database privileges. (CVE-2007-2692)MySQL allowed an authenticated user to bypass logging mechanisms via SQLqueries that contain the NULL character, which were not properly handled bythe mysql_real_query function. (CVE-2006-0903)MySQL allowed an authenticated user to access a table through a previouslycreated MERGE table, even after the user's privileges were revoked fromthe original table, which might violate intended security policy. This isaddressed by allowing the MERGE storage engine to be disabled, which canbe done by running mysqld with the "--skip-merge" option. (CVE-2006-4031)MySQL evaluated arguments in the wrong security context, which allowed anauthenticated user to gain privileges through a routine that had been madeavailable using "GRANT EXECUTE". (CVE-2006-4227)Multiple flaws in MySQL allowed an authenticated user to cause the MySQLdaemon to crash via crafted SQL queries. This only caused a temporarydenial of service, as the MySQL daemon is automatically restarted after thecrash. (CVE-2006-7232, CVE-2007-1420, CVE-2007-2583)As well, these updated packages fix the following bugs:Note: these updated packages upgrade MySQL to version 5.0.45. For a fulllist of bug fixes and enhancements, refer to the MySQL release notes:http://dev.mysql.com/doc/refman/5.0/en/releasenotes-cs-5-0.htmlAll mysql users are advised to upgrade to these updated packages, whichresolve these issues.


  • redhat-upgrade-mysql
  • redhat-upgrade-mysql-bench
  • redhat-upgrade-mysql-devel
  • redhat-upgrade-mysql-server
  • redhat-upgrade-mysql-test

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center