MySQL < 5.1.41 Multiple Vulnerabilities
Medium Log Correlation Engine Plugin ID 801137
SynopsisThe remote database server is vulnerable to multiple attack vectors.
DescriptionThe remote host is running MySQL Community server < 5.1.41. Such versions are potentially affected by multiple issues :
- The application fails to correctly handle the data directory path name if it contains symlinked directories in its path which could lead to a local privilege escalation. (Bug 32167)
- MySQL clients linked against OpenSSL did not check server certificates presented by a server linked against yaSSL. (Bug 47320)
- An error related to the handling of certain SELECT statements containing subqueries.
- A failure to preserve unspecified 'null_value' flags when executing statements that use the 'GeomFromWKB' function.
SolutionUpgrade to MySQL Community server 5.1.41 or later.