|
|
Family: Red Hat Local Security Checks --> Category: infos
RHSA-2005-685: mysql Vulnerability Scan
Vulnerability Scan Summary
Check for the version of the mysql packages
Detailed Explanation for this Vulnerability Test
Updated mysql packages that fix a temporary file flaw and a number of bugs
are now available.
This update has been rated as having low security impact by the Red Hat
Security Response Team.
MySQL is a multi-user, multi-threaded SQL database server. MySQL is a
client/server implementation consisting of a server daemon (mysqld)
and many different client programs and libraries.
An insecure temporary file handling bug was found in the mysql_install_db
script. It is possible for a local user to create specially crafted files
in /tmp which could allow them to execute arbitrary SQL commands during
database installation. The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the name CVE-2005-1636 to this issue.
These packages update mysql to version 4.1.12, fixing a number of problems.
Also, support for SSL-encrypted connections to the database server is now
provided.
All users of mysql are advised to upgrade to these updated packages.
Solution : http://rhn.redhat.com/errata/RHSA-2005-685.html
Threat Level: High
Click HERE for more information and discussions on this network vulnerability scan.
|
