RHEL 2.1 : mysql (RHSA-2003:094)

high Nessus Plugin ID 12378

Synopsis

The remote Red Hat host is missing one or more security updates.

Description

Updated packages are available that fix both a double-free security vulnerability and a remote root exploit security vulnerability found in the MySQL server.

[Updated 11 Aug 2003] Updated mysqlclient9 packages are now included.
These were previously missing from this erratum.

MySQL is a multi-user, multi-threaded SQL database server.

A double-free vulnerability in mysqld, for MySQL before version 3.23.55, allows attackers with MySQL access to cause a denial of service (crash) by creating a carefully crafted client application.

A remote root exploit vulnerability in mysqld, for MySQL before version 3.23.56, allows MySQL users to gain root privileges by overwriting configuration files.

Previous versions of the MySQL packages do not contain the thread safe client library (libmysqlclient_r).

All users of MySQL are advised to upgrade to these errata packages containing MySQL 3.23.56.

Solution

Update the affected packages.

See Also

https://access.redhat.com/security/cve/cve-2003-0073

https://access.redhat.com/security/cve/cve-2003-0150

https://dev.mysql.com/doc/refman/4.1/en/news-3-23-55.html

https://dev.mysql.com/doc/refman/4.1/en/news-3-23-56.html

https://access.redhat.com/errata/RHSA-2003:094

Plugin Details

Severity: High

ID: 12378

File Name: redhat-RHSA-2003-094.nasl

Version: 1.23

Type: local

Agent: unix

Published: 7/6/2004

Updated: 1/14/2021

Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Azure, Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: High

Base Score: 9

Vector: CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C

Vulnerability Information

CPE: p-cpe:/a:redhat:enterprise_linux:mysql, p-cpe:/a:redhat:enterprise_linux:mysql-devel, p-cpe:/a:redhat:enterprise_linux:mysql-server, p-cpe:/a:redhat:enterprise_linux:mysqlclient9, cpe:/o:redhat:enterprise_linux:2.1

Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list, Host/cpu

Patch Publication Date: 8/25/2003

Vulnerability Publication Date: 2/19/2003

Reference Information

CVE: CVE-2003-0073, CVE-2003-0150

RHSA: 2003:094