Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

MySQL < 5.1.41 Multiple Vulnerabilities

Medium

Synopsis

The remote database server is vulnerable to multiple attack vectors.

Description

The remote host is running MySQL Community server < 5.1.41. Such versions are potentially affected by multiple issues :

- The application fails to correctly handle the data directory path name if it contains symlinked directories in its path which could lead to a local privilege escalation. (Bug 32167)

- MySQL clients linked against OpenSSL did not check server certificates presented by a server linked against yaSSL. (Bug 47320)

- An error related to the handling of certain SELECT statements containing subqueries.

- A failure to preserve unspecified 'null_value' flags when executing statements that use the 'GeomFromWKB' function.

Solution

Upgrade to MySQL Community server 5.1.41 or later.