This script is Copyright (C) 2007-2014 Tenable Network Security, Inc.
The remote Red Hat host is missing one or more security updates.
Updated mysql packages that fix several security issues are now
available for Red Hat Enterprise Linux 4 and 5.
This update has been rated as having important security impact by the
Red Hat Security Response Team.
MySQL is a multi-user, multi-threaded SQL database server. MySQL is a
client/server implementation consisting of a server daemon (mysqld),
and many different client programs and libraries.
A flaw was found in a way MySQL handled symbolic links when database
tables were created with explicit 'DATA' and 'INDEX DIRECTORY'
options. An authenticated user could create a table that would
overwrite tables in other databases, causing destruction of data or
allowing the user to elevate privileges. (CVE-2007-5969)
A flaw was found in a way MySQL's InnoDB engine handled spatial
indexes. An authenticated user could create a table with spatial
indexes, which are not supported by the InnoDB engine, that would
cause the mysql daemon to crash when used. This issue only causes a
temporary denial of service, as the mysql daemon will be automatically
restarted after the crash. (CVE-2007-5925)
All mysql users are advised to upgrade to these updated packages,
which contain backported patches to resolve these issues.
See also :
Update the affected packages.
Risk factor :
High / CVSS Base Score : 7.1
CVSS Temporal Score : 5.9
Public Exploit Available : true