First published: Thu Jul 24 2008
MySQL is a multi-user, multi-threaded SQL database server. MySQL is a client/server implementation consisting of a server daemon (mysqld), and many different client programs and libraries.

MySQL did not correctly check directories used as arguments for the DATA DIRECTORY and INDEX DIRECTORY directives. Using this flaw, an authenticated attacker could elevate their access privileges to tables created by other database users. Note: this attack does not work on existing tables. An attacker can only elevate their access to another user's tables as the tables are created. As well, the names of these created tables need to be predicted correctly for this attack to succeed. (CVE-2008-2079)

MySQL did not require the "DROP" privilege for "RENAME TABLE" statements. An authenticated user could use this flaw to rename arbitrary tables. (CVE-2007-2691)

MySQL allowed an authenticated user to access a table through a previously created MERGE table, even after the user's privileges were revoked from the original table, which might violate intended security policy. This is addressed by allowing the MERGE storage engine to be disabled, which can be done by running mysqld with the "--skip-merge" option. (CVE-2006-4031)

A flaw in MySQL allowed an authenticated user to cause the MySQL daemon to crash via crafted SQL queries. This only caused a temporary denial of service, as the MySQL daemon is automatically restarted after the crash. (CVE-2006-3469)

As well, these updated packages fix the following bugs:

- in the previous mysql packages, if a column name was referenced more than once in an "ORDER BY" section of a query, a segmentation fault occurred.
- when MySQL failed to start, the init script returned a successful (0) exit code. When using the Red Hat Cluster Suite, this may have caused cluster services to report a successful start, even when MySQL failed to start. In these updated packages, the init script returns the correct exit codes, which resolves this issue.
- it was possible to use the mysqld_safe command to specify invalid port numbers (higher than 65536), causing invalid ports to be created, and, in some cases, a "port number definition: unsigned short" error. In these updated packages, when an invalid port number is specified, the default port number is used.
- when setting "myisam_repair_threads > 1", any repair set the index cardinality to "1", regardless of the table size.
- the MySQL init script no longer runs "chmod -R" on the entire database directory tree during every startup.
- when running "mysqldump" with the MySQL 4.0 compatibility mode option, "--compatible=mysql40", mysqldump created dumps that omitted the "auto_increment" field.

As well, the MySQL init script now uses more reliable methods for determining parameters, such as the data directory location.

Note: these updated packages upgrade MySQL to version 4.1.22. For a full list of bug fixes and enhancements, refer to the MySQL release notes: http://dev.mysql.com/doc/refman/4.1/en/news-4-1-22.html

All mysql users are advised to upgrade to these updated packages, which resolve these issues and add this enhancement.
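A host can be checked against this advisory by comparing its installed mysql packages with the fixed build 4.1.22-2.el4 and by confirming whether the MERGE engine has been disabled. The following is an added example, not part of the advisory or of Red Hat's tooling; the function names and sample data are constructed, the version comparison is a simplified form of rpm's ordering, and `skip-merge` in the `[mysqld]` section is assumed to be the option-file form of `--skip-merge`.

```python
import re

FIXED_VERSION, FIXED_RELEASE = "4.1.22", "2.el4"  # fixed build named in the advisory
PACKAGES = {"mysql", "mysql-bench", "mysql-devel", "mysql-server"}

def rpmvercmp(a, b):
    """Simplified rpm-style comparison: no epoch, tilde or caret handling."""
    sa = re.findall(r"\d+|[A-Za-z]+", a)
    sb = re.findall(r"\d+|[A-Za-z]+", b)
    for x, y in zip(sa, sb):
        if x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1  # numeric segment outranks alphabetic
        if x.isdigit():
            x, y = int(x), int(y)
        if x != y:
            return 1 if x > y else -1
    return (len(sa) > len(sb)) - (len(sa) < len(sb))

def outdated(rpm_lines):
    """Names of advisory packages older than the fixed build.
    Input lines are 'name version release' (rpm -qa with a matching --qf)."""
    hits = []
    for line in rpm_lines:
        parts = line.split()
        if len(parts) != 3 or parts[0] not in PACKAGES:
            continue
        name, ver, rel = parts
        if (rpmvercmp(ver, FIXED_VERSION) or rpmvercmp(rel, FIXED_RELEASE)) < 0:
            hits.append(name)
    return hits

def merge_disabled(my_cnf_text):
    """True if skip-merge appears in the [mysqld] section of option-file text."""
    section = None
    for raw in my_cnf_text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "mysqld" and line.replace("_", "-").lower() == "skip-merge":
            return True
    return False

# Constructed sample input, not taken from a real host.
SAMPLE_RPMS = ["mysql 4.1.20 3.el4", "mysql-server 4.1.22 2.el4", "httpd 2.0.52 38.ent"]
SAMPLE_CNF = "[mysqld]\ndatadir=/var/lib/mysql\nskip-merge\n"

if __name__ == "__main__":
    print("outdated:", outdated(SAMPLE_RPMS))
    print("MERGE disabled:", merge_disabled(SAMPLE_CNF))
```
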
Affected Software | Affected Version | How to fix |
---|---|---|
redhat/mysql | <4.1.22-2.el4 | 4.1.22-2.el4 |
redhat/mysql-bench | <4.1.22-2.el4 | 4.1.22-2.el4 |
redhat/mysql-devel | <4.1.22-2.el4 | 4.1.22-2.el4 |
redhat/mysql-server | <4.1.22-2.el4 | 4.1.22-2.el4 |