Rapid7 Vulnerability & Exploit Database

RHSA-2008:0768: mysql security, bug fix, and enhancement update

Back to Search

RHSA-2008:0768: mysql security, bug fix, and enhancement update



MySQL is a multi-user, multi-threaded SQL database server. MySQL is aclient/server implementation consisting of a server daemon (mysqld), andmany different client programs and libraries.MySQL did not correctly check directories used as arguments for the DATADIRECTORY and INDEX DIRECTORY directives. Using this flaw, an authenticatedattacker could elevate their access privileges to tables created by otherdatabase users. Note: this attack does not work on existing tables. Anattacker can only elevate their access to another user's tables as thetables are created. As well, the names of these created tables need to bepredicted correctly for this attack to succeed. (CVE-2008-2079)MySQL did not require the "DROP" privilege for "RENAME TABLE" statements.An authenticated user could use this flaw to rename arbitrary tables.(CVE-2007-2691)MySQL allowed an authenticated user to access a table through a previouslycreated MERGE table, even after the user's privileges were revoked from theoriginal table, which might violate intended security policy. This isaddressed by allowing the MERGE storage engine to be disabled, which can bedone by running mysqld with the "--skip-merge" option. (CVE-2006-4031)A flaw in MySQL allowed an authenticated user to cause the MySQL daemon tocrash via crafted SQL queries. This only caused a temporary denial ofservice, as the MySQL daemon is automatically restarted after the crash.(CVE-2006-3469)As well, these updated packages fix the following bugs:As well, the MySQL init script now uses more reliable methods fordetermining parameters, such as the data directory location.Note: these updated packages upgrade MySQL to version 4.1.22. For a fulllist of bug fixes and enhancements, refer to the MySQL release notes:http://dev.mysql.com/doc/refman/4.1/en/news-4-1-22.htmlAll mysql users are advised to upgrade to these updated packages, whichresolve these issues and add this enhancement.


  • redhat-upgrade-mysql
  • redhat-upgrade-mysql-bench
  • redhat-upgrade-mysql-devel
  • redhat-upgrade-mysql-server

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center