RHSA-2010:0110: Moderate: mysql security update
First published: Tue Feb 16 2010(Updated: )
MySQL is a multi-user, multi-threaded SQL database server. It consists of<br>the MySQL server daemon (mysqld) and many client programs and libraries.<br>Multiple flaws were discovered in the way MySQL handled symbolic links to<br>tables created using the DATA DIRECTORY and INDEX DIRECTORY directives in<br>CREATE TABLE statements. An attacker with CREATE and DROP table privileges<br>and shell access to the database server could use these flaws to escalate<br>their database privileges, or gain access to tables created by other<br>database users. (CVE-2008-4098, CVE-2009-4030)<br>Note: Due to the security risks and previous security issues related to the<br>use of the DATA DIRECTORY and INDEX DIRECTORY directives, users not<br>depending on this feature should consider disabling it by adding<br>"symbolic-links=0" to the "[mysqld]" section of the "my.cnf" configuration<br>file. In this update, an example of such a configuration was added to the<br>default "my.cnf" file.<br>An insufficient HTML entities quoting flaw was found in the mysql command<br>line client's HTML output mode. If an attacker was able to inject arbitrary<br>HTML tags into data stored in a MySQL database, which was later retrieved<br>using the mysql command line client and its HTML output mode, they could<br>perform a cross-site scripting (XSS) attack against victims viewing the<br>HTML output in a web browser. (CVE-2008-4456)<br>Multiple format string flaws were found in the way the MySQL server logged<br>user commands when creating and deleting databases. A remote, authenticated<br>attacker with permissions to CREATE and DROP databases could use these<br>flaws to formulate a specially-crafted SQL command that would cause a<br>temporary denial of service (open connections to mysqld are terminated).<br>(CVE-2009-2446)<br>Note: To exploit the CVE-2009-2446 flaws, the general query log (the mysqld<br>"--log" command line option or the "log" option in "my.cnf") must be<br>enabled. This logging is not enabled by default.<br>All MySQL users are advised to upgrade to these updated packages, which<br>contain backported patches to resolve these issues. After installing this<br>update, the MySQL server daemon (mysqld) will be restarted automatically.
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/mysql | <4.1.22-2.el4_8.3 | 4.1.22-2.el4_8.3 |
| redhat/mysql | <4.1.22-2.el4_8.3 | 4.1.22-2.el4_8.3 |
| redhat/mysql-bench | <4.1.22-2.el4_8.3 | 4.1.22-2.el4_8.3 |
| redhat/mysql-devel | <4.1.22-2.el4_8.3 | 4.1.22-2.el4_8.3 |
| redhat/mysql-server | <4.1.22-2.el4_8.3 | 4.1.22-2.el4_8.3 |
| redhat/mysql-bench | <4.1.22-2.el4_8.3 | 4.1.22-2.el4_8.3 |
| redhat/mysql-devel | <4.1.22-2.el4_8.3 | 4.1.22-2.el4_8.3 |
| redhat/mysql-server | <4.1.22-2.el4_8.3 | 4.1.22-2.el4_8.3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=454077
- https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=466518
- https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=511020
- https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=543653
- http://www.redhat.com/security/updates/classification/#moderate
- http://dev.mysql.com/doc/refman/4.1/en/symbolic-links-to-tables.html
- https://access.redhat.com/errata/RHSA-2010:0110 (Advisory)
- agent/description
- agent/event
- agent/first-publish-date
- agent/last-modified-date
- agent/references
- agent/remedy
- agent/severity
- agent/softwarecombine
- agent/tags
- agent/title
- agent/type
- agent/weakness
- collector/redhat-errata
- source/Red Hat
- anchor-id/RHSA-2010:0110
- agent/software-canonical-lookup
- package-manager/redhat