Oracle MySQL Server: InnoDB子组件拒绝服务漏洞

CVE编号

CVE-2016-0668

利用情况

暂无

补丁情况

官方补丁

披露时间

2016-04-21

漏洞描述

Oracle MySQL是美国甲骨文（Oracle）公司的一套开源的关系数据库管理系统。该数据库系统具有性能高、成本低、可靠性好等特点。
Oracle MySQL 5.6.28及之前版本和5.7.10及之前版本的Server: InnoDB子组件中存在拒绝服务漏洞。本地攻击者可利用该漏洞造成拒绝服务，影响数据的可用性。

解决建议

目前厂商已经发布了升级补丁以修复此安全问题，补丁获取链接：
http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html

参考链接
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00053.html
http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00033.html
http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00034.html
http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00051.html
http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00053.html
http://rhn.redhat.com/errata/RHSA-2016-0705.html
http://www.debian.org/security/2016/dsa-3595
http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html
http://www.securityfocus.com/bid/86467
http://www.securitytracker.com/id/1035606
http://www.ubuntu.com/usn/USN-2953-1
https://access.redhat.com/errata/RHSA-2016:1132
https://mariadb.com/kb/en/mariadb/mariadb-10024-release-notes/
https://mariadb.com/kb/en/mariadb/mariadb-10112-release-notes/

受影响软件情况

1
#	类型	厂商	产品	版本	影响面
	运行在以下环境
	应用	mariadb	mariadb	*	From (including) 10.0.0	Up to (excluding) 10.0.24
	运行在以下环境
	应用	mariadb	mariadb	*	From (including) 10.1.0	Up to (including) 10.1.12
	运行在以下环境
	应用	oracle	mysql	*	From (including) 5.6.0	Up to (including) 5.6.28
	运行在以下环境
	应用	oracle	mysql	*	From (including) 5.7.0	Up to (including) 5.7.10
	运行在以下环境
	系统	debian	debian_linux	8.0	-
	运行在以下环境
	系统	debian	DPKG	*		Up to (excluding) 0
	运行在以下环境
	系统	opensuse	leap	42.1	-
	运行在以下环境
	系统	opensuse_13.2	libmysqlclient18	*		Up to (excluding) 5.6.30-2.20.2
	运行在以下环境
	系统	opensuse_13.2	libmysqlclient18-32bit	*		Up to (excluding) 5.6.30-2.20.2
	运行在以下环境
	系统	opensuse_13.2	mariadb	*		Up to (excluding) 5.6.30-2.20.2
	运行在以下环境
	系统	opensuse_13.2	mariadb-client	*		Up to (excluding) 5.6.30-2.20.2
	运行在以下环境
	系统	opensuse_13.2	mariadb-errormessages	*		Up to (excluding) 5.6.30-2.20.2
	运行在以下环境
	系统	opensuse_13.2	mariadb-tools	*		Up to (excluding) 5.6.30-2.20.2
	运行在以下环境
	系统	opensuse_Leap_42.1	libmysqlclient18	*		Up to (excluding) 10.0.25-6.1
	运行在以下环境
	系统	opensuse_Leap_42.1	libmysqlclient18-32bit	*		Up to (excluding) 10.0.25-6.1
	运行在以下环境
	系统	opensuse_Leap_42.1	mariadb	*		Up to (excluding) 10.0.25-6.1
	运行在以下环境
	系统	opensuse_Leap_42.1	mariadb-client	*		Up to (excluding) 10.0.25-6.1
	运行在以下环境
	系统	opensuse_Leap_42.1	mariadb-errormessages	*		Up to (excluding) 10.0.25-6.1
	运行在以下环境
	系统	opensuse_Leap_42.1	mariadb-tools	*		Up to (excluding) 10.0.25-6.1
	运行在以下环境
	系统	redhat	enterprise_linux	6.0	-
	运行在以下环境
	系统	redhat	enterprise_linux	7.0	-
	运行在以下环境
	系统	sles_12	libmysqlclient18	*		Up to (excluding) 10.0.25-20.6.1
	运行在以下环境
	系统	sles_12	libmysqlclient18	*		Up to (excluding) 10.0.27-12
	运行在以下环境
	系统	sles_12	libmysqlclient18-32bit	*		Up to (excluding) 10.0.25-20.6.1
	运行在以下环境
	系统	sles_12	mariadb	*		Up to (excluding) 10.0.25-20.6.1
	运行在以下环境
	系统	sles_12	mariadb-client	*		Up to (excluding) 10.0.25-20.6.1
	运行在以下环境
	系统	sles_12	mariadb-errormessages	*		Up to (excluding) 10.0.25-20.6.1
	运行在以下环境
	系统	sles_12	mariadb-tools	*		Up to (excluding) 10.0.25-20.6.1
	运行在以下环境
	系统	sles_12_SP1	libmysqlclient18	*		Up to (excluding) 10.0.25-6.1
	运行在以下环境
	系统	sles_12_SP1	libmysqlclient18-32bit	*		Up to (excluding) 10.0.25-6.1
	运行在以下环境
	系统	sles_12_SP1	mariadb	*		Up to (excluding) 10.0.25-6.1
	运行在以下环境
系统	sles_12_SP1	mariadb-client	*		Up to (excluding) 10.0.25-6.1
运行在以下环境
系统	sles_12_SP1	mariadb-errormessages	*		Up to (excluding) 10.0.25-6.1
运行在以下环境
系统	sles_12_SP1	mariadb-tools	*		Up to (excluding) 10.0.25-6.1
运行在以下环境
系统	suse_12	mariadb-10.0	*		Up to (excluding) 10.0.25-20.6.1
运行在以下环境
系统	suse_12_SP1	mariadb-10.0	*		Up to (excluding) 10.0.25-6.1
运行在以下环境
系统	ubuntu_14.04_lts	mysql-5.6	*		Up to (excluding) 5.6.30-0ubuntu0.14.04.1
运行在以下环境
系统	ubuntu_16.04	mariadb-10.0	*		Up to (excluding) 10.0.25-0ubuntu0.16.04.1
运行在以下环境
系统	ubuntu_16.04_lts	mariadb-10.0	*		Up to (excluding) 10.0.25-0ubuntu0.16.04.1
运行在以下环境
系统	ubuntu_18.04_lts	mysql-5.7	*		Up to (excluding) 5.7.11-0ubuntu6
运行在以下环境
系统	ubuntu_18.10	mysql-5.7	*		Up to (excluding) 5.7.11-0ubuntu6

攻击路径远程
攻击复杂度困难
权限要求 N/A
影响范围有限影响
EXP成熟度未验证
补丁情况官方补丁
数据保密性无影响
数据完整性无影响
服务器危害 DoS
全网数量 N/A

CWE-ID 漏洞类型 NVD-CWE-noinfo

正文

Oracle MySQL Server: InnoDB子组件拒绝服务漏洞

漏洞描述

解决建议

参考链接

受影响软件情况

相关阅读

IBM Jazz Reporting Service-Rational-CLM安全绕过管理任务执行漏洞

IBM Tivoli Federated Identity Manager up to 6.2.2 FP15 跨站脚本攻击

IBM WebSphere MQ Light拒绝服务漏洞

IBM Security Network Protection GSKit信息泄露漏洞

发表评论取消回复

还没有评论，来说两句吧...

目录[+]