MySQL is vulnerable to symlink attack. A flaw was discovered in the way MySQL handled symbolic links to tables created using the DATA DIRECTORY and INDEX DIRECTORY directives in CREATE TABLE statements. An attacker with CREATE and DROP table privileges, and shell access to the database server, could use this flaw to remove data and index files of tables created by other database users using the MyISAM storage engine.
bugs.mysql.com/bug.php?id=40980
lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html
lists.opensuse.org/opensuse-security-announce/2010-11/msg00005.html
securitytracker.com/id?1024004
www.mandriva.com/security/advisories?name=MDVSA-2010:101
www.openwall.com/lists/oss-security/2010/05/10/2
www.openwall.com/lists/oss-security/2010/05/18/4
www.redhat.com/security/updates/classification/#important
www.redhat.com/support/errata/RHSA-2010-0442.html
www.securityfocus.com/bid/40257
www.ubuntu.com/usn/USN-1397-1
www.vupen.com/english/advisories/2010/1194
access.redhat.com/errata/RHSA-2010:0442
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9490