Versions before MySQL 5.1.61 and MySQL 5.5.21 are affected; the MySQL-related information is listed below.
Oracle MySQL Executive Summary
This Critical Patch Update contains 6 new security fixes for Oracle MySQL. None of these vulnerabilities may be remotely exploitable without authentication, i.e., none may be exploited over a network without the need for a username and password. The English text form of this Risk Matrix can be found here.
Oracle MySQL Risk Matrix
CVSS VERSION 2.0 RISK columns (see Risk Matrix Definitions): Base Score, Access Vector, Access Complexity, Authentication, Confidentiality, Integrity, Availability.

| CVE# | Component | Protocol | Sub-component | Remote Exploit without Auth.? | Base Score | Access Vector | Access Complexity | Authentication | Confidentiality | Integrity | Availability | Supported Versions Affected | Notes |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| CVE--1703 | MySQL Server | MySQL Protocol | Server Optimizer | No | 6.8 | Network | Low | Single | None | None | Complete | 5.1.61 and earlier, 5.5.21 and earlier | |
| CVE--0583 | MySQL Server | MySQL Protocol | MyISAM | No | 4.0 | Network | Low | Single | None | None | Partial+ | 5.1.60 and earlier, 5.5.19 and earlier | |
| CVE--1697 | MySQL Server | MySQL Protocol | Partition | No | 4.0 | Network | Low | Single | None | None | Partial+ | 5.5.21 and earlier | |
| CVE--1688 | MySQL Server | MySQL Protocol | Server DML | No | 4.0 | Network | Low | Single | None | None | Partial+ | 5.1.61 and earlier, 5.5.21 and earlier | |
| CVE--1696 | MySQL Server | MySQL Protocol | Server Optimizer | No | 4.0 | Network | Low | Single | None | None | Partial+ | 5.5.19 and earlier | |
| CVE--1690 | MySQL Server | MySQL Protocol | Server Optimizer | No | 4.0 | Network | Low | Single | None | None | Partial+ | 5.1.61 and earlier, 5.5.21 and earlier | |
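To check a server against the matrix above, the following added example (not part of the Oracle advisory or the original post) maps a version string to the rows that cover it. The CVE ids are copied exactly as printed on this page, the sample version strings are constructed, and each "X.Y.Z and earlier" bound is read as applying only within its own release series.

```python
import re

# Risk-matrix rows as printed on this page: (CVE id, subcomponent,
# CVSS v2 base score, last affected release in each listed series).
MATRIX = [
    ("CVE--1703", "Server Optimizer", 6.8, ["5.1.61", "5.5.21"]),
    ("CVE--0583", "MyISAM",           4.0, ["5.1.60", "5.5.19"]),
    ("CVE--1697", "Partition",        4.0, ["5.5.21"]),
    ("CVE--1688", "Server DML",       4.0, ["5.1.61", "5.5.21"]),
    ("CVE--1696", "Server Optimizer", 4.0, ["5.5.19"]),
    ("CVE--1690", "Server Optimizer", 4.0, ["5.1.61", "5.5.21"]),
]

def parse_version(text):
    """Extract (major, minor, patch) from a string such as '5.5.20-log'."""
    m = re.match(r"\s*(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(part) for part in m.groups())

def affected_rows(version_text):
    """Return the matrix rows whose version bound covers this server.

    A bound applies only inside its own series (same major.minor). A plain
    tuple comparison would wrongly place 5.1.70 under '5.5.21 and earlier'.
    """
    version = parse_version(version_text)
    hits = []
    for cve, subcomponent, score, bounds in MATRIX:
        for bound in bounds:
            last = parse_version(bound)
            if version[:2] == last[:2] and version[2] <= last[2]:
                hits.append((cve, subcomponent, score))
                break
    # Highest base score first; ties keep the matrix order.
    return sorted(hits, key=lambda row: -row[2])

if __name__ == "__main__":
    # Constructed samples in the form returned by SELECT VERSION().
    for sample in ("5.5.20-log", "5.1.61", "5.5.22", "5.1.70"):
        rows = affected_rows(sample)
        listing = [f"{c} ({s}, {b})" for c, s, b in rows]
        print(sample, "->", listing or "no matrix row applies")
```

A series the matrix does not list (for example 5.0.x) returns no rows, which means "not covered by this matrix", not "known unaffected".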
Text Form of Risk Matrix for Oracle MySQL
This table provides the text form of the Risk Matrix for Oracle MySQL.
| CVE Identifier | Description |
|---|---|
| CVE--0583 | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: MyISAM). Supported versions that are affected are 5.1.60 and earlier and 5.5.19 and earlier. Easily exploitable vulnerability allows successful authenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS Base Score 4.0 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:N/I:N/A:P). |
| CVE--1688 | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server DML). Supported versions that are affected are 5.1.61 and earlier and 5.5.21 and earlier. Easily exploitable vulnerability allows successful authenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS Base Score 4.0 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:N/I:N/A:P). |
| CVE--1690 | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server Optimizer). Supported versions that are affected are 5.1.61 and earlier and 5.5.21 and earlier. Easily exploitable vulnerability allows successful authenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS Base Score 4.0 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:N/I:N/A:P). |
| CVE--1696 | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server Optimizer). Supported versions that are affected are 5.5.19 and earlier. Easily exploitable vulnerability allows successful authenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS Base Score 4.0 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:N/I:N/A:P). |
| CVE--1697 | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Partition). Supported versions that are affected are 5.5.21 and earlier. Easily exploitable vulnerability allows successful authenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS Base Score 4.0 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:N/I:N/A:P). |
| CVE--1703 | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server Optimizer). Supported versions that are affected are 5.1.61 and earlier and 5.5.21 and earlier. Easily exploitable vulnerability allows successful authenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized Operating System hang or frequently repeatable crash (complete DOS). CVSS Base Score 6.8 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:N/I:N/A:C). |