First published: Wed Sep 02 2009
MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon (mysqld) and many client programs and libraries.

MySQL did not correctly check directories used as arguments for the DATA DIRECTORY and INDEX DIRECTORY directives. Using this flaw, an authenticated attacker could elevate their access privileges to tables created by other database users. Note: This attack does not work on existing tables. An attacker can only elevate their access to another user's tables as the tables are created. As well, the names of these created tables need to be predicted correctly for this attack to succeed. (CVE-2008-2079)

A flaw was found in the way MySQL handles an empty bit-string literal. A remote, authenticated attacker could crash the MySQL server daemon (mysqld) if they used an empty bit-string literal in an SQL statement. This issue only caused a temporary denial of service, as the MySQL daemon was automatically restarted after the crash. (CVE-2008-3963)

An insufficient HTML entities quoting flaw was found in the mysql command line client's HTML output mode. If an attacker was able to inject arbitrary HTML tags into data stored in a MySQL database, which was later retrieved using the mysql command line client and its HTML output mode, they could perform a cross-site scripting (XSS) attack against victims viewing the HTML output in a web browser. (CVE-2008-4456)

Multiple format string flaws were found in the way the MySQL server logs user commands when creating and deleting databases. A remote, authenticated attacker with permissions to CREATE and DROP databases could use these flaws to formulate a specifically-crafted SQL command that would cause a temporary denial of service (open connections to mysqld are terminated). (CVE-2009-2446)

Note: To exploit the CVE-2009-2446 flaws, the general query log (the mysqld "--log" command line option or the "log" option in "/etc/my.cnf") must be enabled. This logging is not enabled by default.

This update also fixes multiple bugs. Details regarding these bugs can be found in the Red Hat Enterprise Linux 5.4 Technical Notes. You can find a link to the Technical Notes in the References section of this errata.

Note: These updated packages upgrade MySQL to version 5.0.77 to incorporate numerous upstream bug fixes. Details of these changes are found in the following MySQL Release Notes:

http://dev.mysql.com/doc/refman/5.0/en/news-5-0-77.html

All MySQL users are advised to upgrade to these updated packages, which resolve these issues. After installing this update, the MySQL server daemon (mysqld) will be restarted automatically.
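The CVE-2009-2446 note above says the flaws are only reachable when the general query log is enabled. The following is an added example, not part of the advisory: a shell check for that precondition on a host that has not yet been updated. The function names are hypothetical, and only the two forms the advisory names are checked (the `log` option in an option file and `--log` on the mysqld command line).

```shell
#!/bin/sh
# Added example (not from the advisory): detect whether the general query
# log, the precondition for CVE-2009-2446, is enabled.

# general_log_enabled FILE
# Prints FILE:LINE: TEXT for each "log" option found in a group that mysqld
# reads ([mysqld] or [server]). Returns 0 if any was found, 1 otherwise.
general_log_enabled() {
    awk '
        # Trim leading/trailing whitespace, then skip comments and blanks.
        { sub(/^[ \t]+/, ""); sub(/[ \t\r]+$/, "") }
        /^[#;]/ || $0 == "" { next }
        # Remember which [group] the following options belong to.
        /^\[.*\]$/ { grp = tolower(substr($0, 2, length($0) - 2)); next }
        grp == "mysqld" || grp == "server" {
            # Option name is the text before "=", or the whole line.
            name = $0; sub(/[ \t]*=.*/, "", name)
            # Exact match only: log-bin, log-error etc. are other options.
            if (name == "log") { print FILENAME ":" FNR ": " $0; found = 1 }
        }
        END { exit !found }
    ' "$1"
}

# cmdline_has_log ARGS...
# Returns 0 if the given mysqld arguments include --log or --log=FILE.
cmdline_has_log() {
    for arg in "$@"; do
        case $arg in
            --log|--log=*) return 0 ;;
        esac
    done
    return 1
}

# When run directly with an option file path, e.g.: sh check.sh /etc/my.cnf
if [ "$#" -gt 0 ]; then
    if general_log_enabled "$1"; then
        echo "general query log enabled: CVE-2009-2446 precondition met"
    else
        echo "no \"log\" option found for mysqld in $1"
    fi
fi
```

An option file that only sets `log-error` under `[mysqld_safe]` or `log-bin` under `[mysqld]` is reported as not enabling the general query log.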
Affected Software | Affected Version | How to fix |
---|---|---|
redhat/mysql | <5.0.77-3.el5 | 5.0.77-3.el5 |
redhat/mysql-bench | <5.0.77-3.el5 | 5.0.77-3.el5 |
redhat/mysql-devel | <5.0.77-3.el5 | 5.0.77-3.el5 |
redhat/mysql-server | <5.0.77-3.el5 | 5.0.77-3.el5 |
redhat/mysql-test | <5.0.77-3.el5 | 5.0.77-3.el5 |