+++ This bug was initially created as a clone of Bug #158688 +++ mysql_install_db in MySQL 4.x before 4.0.12 and 5.x up to 5.0.4 creates the mysql_install_db.X file with a predictable filename and insecure permissions, which allows local users to execute arbitrary SQL commands by modifying the file's contents. More information is in the full-disclosure post: http://marc.theaimsgroup.com/?l=full-disclosure&m=111632686805498&w=2
This issue also affects RHEL2.1
My mistake, this issue does not affect RHEL3 or RHEL2.1