Rapid7 Vulnerability & Exploit Database

RHSA-2009:1289: mysql security and bug fix update

Back to Search

RHSA-2009:1289: mysql security and bug fix update



MySQL is a multi-user, multi-threaded SQL database server. It consists ofthe MySQL server daemon (mysqld) and many client programs and libraries.MySQL did not correctly check directories used as arguments for the DATADIRECTORY and INDEX DIRECTORY directives. Using this flaw, an authenticatedattacker could elevate their access privileges to tables created by otherdatabase users. Note: This attack does not work on existing tables. Anattacker can only elevate their access to another user's tables as thetables are created. As well, the names of these created tables need to bepredicted correctly for this attack to succeed. (CVE-2008-2079)A flaw was found in the way MySQL handles an empty bit-string literal. Aremote, authenticated attacker could crash the MySQL server daemon (mysqld)if they used an empty bit-string literal in an SQL statement. This issueonly caused a temporary denial of service, as the MySQL daemon wasautomatically restarted after the crash. (CVE-2008-3963)An insufficient HTML entities quoting flaw was found in the mysql commandline client's HTML output mode. If an attacker was able to inject arbitraryHTML tags into data stored in a MySQL database, which was later retrievedusing the mysql command line client and its HTML output mode, they couldperform a cross-site scripting (XSS) attack against victims viewing theHTML output in a web browser. (CVE-2008-4456)Multiple format string flaws were found in the way the MySQL server logsuser commands when creating and deleting databases. A remote, authenticatedattacker with permissions to CREATE and DROP databases could use theseflaws to formulate a specifically-crafted SQL command that would cause atemporary denial of service (open connections to mysqld are terminated).(CVE-2009-2446)Note: To exploit the CVE-2009-2446 flaws, the general query log (the mysqld"--log" command line option or the "log" option in "/etc/my.cnf") must beenabled. This logging is not enabled by default.This update also fixes multiple bugs. Details regarding these bugs can befound in the Red Hat Enterprise Linux 5.4 Technical Notes. You can find alink to the Technical Notes in the References section of this errata.Note: These updated packages upgrade MySQL to version 5.0.77 to incorporatenumerous upstream bug fixes. Details of these changes are found in thefollowing MySQL Release Notes:http://dev.mysql.com/doc/refman/5.0/en/news-5-0-77.htmlAll MySQL users are advised to upgrade to these updated packages, whichresolve these issues. After installing this update, the MySQL serverdaemon (mysqld) will be restarted automatically.


  • redhat-upgrade-mysql
  • redhat-upgrade-mysql-bench
  • redhat-upgrade-mysql-devel
  • redhat-upgrade-mysql-server
  • redhat-upgrade-mysql-test

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center