Rapid7 Vulnerability & Exploit Database

RHSA-2010:0110: mysql security update

Back to Search

RHSA-2010:0110: mysql security update



MySQL is a multi-user, multi-threaded SQL database server. It consists ofthe MySQL server daemon (mysqld) and many client programs and libraries.Multiple flaws were discovered in the way MySQL handled symbolic links totables created using the DATA DIRECTORY and INDEX DIRECTORY directives inCREATE TABLE statements. An attacker with CREATE and DROP table privilegesand shell access to the database server could use these flaws to escalatetheir database privileges, or gain access to tables created by otherdatabase users. (CVE-2008-4098, CVE-2009-4030)Note: Due to the security risks and previous security issues related to theuse of the DATA DIRECTORY and INDEX DIRECTORY directives, users notdepending on this feature should consider disabling it by adding"symbolic-links=0" to the "[mysqld]" section of the "my.cnf" configurationfile. In this update, an example of such a configuration was added to thedefault "my.cnf" file.An insufficient HTML entities quoting flaw was found in the mysql commandline client's HTML output mode. If an attacker was able to inject arbitraryHTML tags into data stored in a MySQL database, which was later retrievedusing the mysql command line client and its HTML output mode, they couldperform a cross-site scripting (XSS) attack against victims viewing theHTML output in a web browser. (CVE-2008-4456)Multiple format string flaws were found in the way the MySQL server loggeduser commands when creating and deleting databases. A remote, authenticatedattacker with permissions to CREATE and DROP databases could use theseflaws to formulate a specially-crafted SQL command that would cause atemporary denial of service (open connections to mysqld are terminated).(CVE-2009-2446)Note: To exploit the CVE-2009-2446 flaws, the general query log (the mysqld"--log" command line option or the "log" option in "my.cnf") must beenabled. This logging is not enabled by default.All MySQL users are advised to upgrade to these updated packages, whichcontain backported patches to resolve these issues. After installing thisupdate, the MySQL server daemon (mysqld) will be restarted automatically.


  • redhat-upgrade-mysql
  • redhat-upgrade-mysql-bench
  • redhat-upgrade-mysql-devel
  • redhat-upgrade-mysql-server

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center