RHEL 2.1 : mysql (RHSA-2003:094)

This script is Copyright (C) 2004-2014 Tenable Network Security, Inc.


Synopsis :

The remote Red Hat host is missing one or more security updates.

Description :

Updated packages are available that fix both a double-free security
vulnerability and a remote root exploit security vulnerability found
in the MySQL server.

[Updated 11 Aug 2003] Updated mysqlclient9 packages are now included.
These were previously missing from this erratum.

MySQL is a multi-user, multi-threaded SQL database server.

A double-free vulnerability in mysqld, for MySQL before version
3.23.55, allows attackers with MySQL access to cause a denial of
service (crash) by creating a carefully crafted client application.

A remote root exploit vulnerability in mysqld, for MySQL before
version 3.23.56, allows MySQL users to gain root privileges by
overwriting configuration files.

Previous versions of the MySQL packages do not contain the thread safe
client library (libmysqlclient_r).

All users of MySQL are advised to upgrade to these errata packages
containing MySQL 3.23.56.

See also :

https://www.redhat.com/security/data/cve/CVE-2003-0073.html
https://www.redhat.com/security/data/cve/CVE-2003-0150.html
http://dev.mysql.com/doc/refman/4.1/en/news-3-23-55.html
http://dev.mysql.com/doc/refman/4.1/en/news-3-23-56.html
http://rhn.redhat.com/errata/RHSA-2003-094.html

Solution :

Update the affected packages.

Risk factor :

High / CVSS Base Score : 9.0
(CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C)

Family: Red Hat Local Security Checks

Nessus Plugin ID: 12378 ()

Bugtraq ID:

CVE ID: CVE-2003-0073
CVE-2003-0150