This script is Copyright (C) 2004-2014 Tenable Network Security, Inc.
The remote Red Hat host is missing a security update.
An updated mysql-server package that fixes various security issues is
now available in the Red Hat Enterprise Linux 3 Extras channel of Red
MySQL is a multi-user, multi-threaded SQL database server.
A number of security issues that affect the mysql-server package have
been reported. Although Red Hat Enterprise Linux 3 does not ship with
the mysql-server package, the affected package is available from the
Red Hat Network Extras channel.
Oleksandr Byelkin discovered that 'ALTER TABLE ... RENAME' checked the
CREATE/INSERT rights of the old table instead of the new one. The
Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CVE-2004-0835 to this issue.
Lukasz Wojtow discovered a buffer overrun in the mysql_real_connect
function. In order to exploit this issue an attacker would need to
force the use of a malicious DNS server (CVE-2004-0836).
Dean Ellis discovered that multiple threads ALTERing the same (or
different) MERGE tables to change the UNION could cause the server to
crash or stall (CVE-2004-0837).
Sergei Golubchik discovered that if a user is granted privileges to a
database with a name containing an underscore ('_'), the user also
gains the ability to grant privileges to other databases with similar
Users of mysql-server should upgrade to these erratum packages, which
correct these issues.
Update the affected mysql-server package.
Risk factor :
Critical / CVSS Base Score : 10.0
Family: Red Hat Local Security Checks
Nessus Plugin ID: 15631
CVE ID: CVE-2004-0835, CVE-2004-0836, CVE-2004-0837, CVE-2004-0957