Skip to content


Oracle发布了本季安全补丁,包含了mysql在内的高危漏洞补丁

mysql 5.1.61 和mysql 5.5.21之前的版本都受影响,以下列出关于mysql的信息
http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html#AppendixMSQL

Oracle MySQL Executive Summary

 

This Critical Patch Update contains 6 new security fixes for Oracle MySQL.  None of these vulnerabilities may be remotely exploitable without authentication, i.e., none may be exploited over a network without the need for a username and password.  The English text form of this Risk Matrix can be found here.

Oracle MySQL Risk Matrix

 

 

CVE# Component Protocol Sub-
component
Remote Exploit without Auth.? CVSS VERSION 2.0 RISK (see Risk Matrix Definitions) Supported Versions Affected Notes
Base Score Access Vector Access Complexity Authen-
tication
Confiden-
tiality
Integrity Avail-
ability
CVE-2012-1703 MySQL Server MySQL Protocol Server Optimizer No 6.8 Network Low Single None None Complete 5.1.61 and earlier, 5.5.21 and earlier
CVE-2012-0583 MySQL Server MySQL Protocol MyISAM No 4.0 Network Low Single None None Partial+ 5.1.60 and earlier, 5.5.19 and earlier
CVE-2012-1697 MySQL Server MySQL Protocol Partition No 4.0 Network Low Single None None Partial+ 5.5.21 and earlier
CVE-2012-1688 MySQL Server MySQL Protocol Server DML No 4.0 Network Low Single None None Partial+ 5.1.61 and earlier, 5.5.21 and earlier
CVE-2012-1696 MySQL Server MySQL Protocol Server Optimizer No 4.0 Network Low Single None None Partial+ 5.5.19 and earlier
CVE-2012-1690 MySQL Server MySQL Protocol Server Optimizer No 4.0 Network Low Single None None Partial+ 5.1.61 and earlier, 5.5.21 and earlier  

Text Form of Risk Matrix for Oracle MySQL

This table provides the text form of the Risk Matrix for Oracle MySQL.

CVE Identifier Description
CVE-2012-0583 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: MyISAM). Supported versions that are affected are 5.1.60 and earlier and 5.5.19 and earlier. Easily exploitable vulnerability allows successful authenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.CVSS Base Score 4.0 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:N/I:N/A:P). (legend) [Advisory]
CVE-2012-1688 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server DML). Supported versions that are affected are 5.1.61 and earlier and 5.5.21 and earlier. Easily exploitable vulnerability allows successful authenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.CVSS Base Score 4.0 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:N/I:N/A:P). (legend) [Advisory]
CVE-2012-1690 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server Optimizer). Supported versions that are affected are 5.1.61 and earlier and 5.5.21 and earlier. Easily exploitable vulnerability allows successful authenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.CVSS Base Score 4.0 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:N/I:N/A:P). (legend) [Advisory]
CVE-2012-1696 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server Optimizer). Supported versions that are affected are 5.5.19 and earlier. Easily exploitable vulnerability allows successful authenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.CVSS Base Score 4.0 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:N/I:N/A:P). (legend) [Advisory]
CVE-2012-1697 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Partition). Supported versions that are affected are 5.5.21 and earlier. Easily exploitable vulnerability allows successful authenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.CVSS Base Score 4.0 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:N/I:N/A:P). (legend) [Advisory]
CVE-2012-1703 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server Optimizer). Supported versions that are affected are 5.1.61 and earlier and 5.5.21 and earlier. Easily exploitable vulnerability allows successful authenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized Operating System hang or frequently repeatable crash (complete DOS).CVSS Base Score 6.8 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:N/I:N/A:C). (legend) [Advisory]


Posted in 安全通告.

Tagged with .


No Responses (yet)

Stay in touch with the conversation, subscribe to the RSS feed for comments on this post.



Some HTML is OK

or, reply to this post via trackback.