CVE编号
CVE-2015-5969利用情况
暂无补丁情况
官方补丁披露时间
2016-04-09漏洞描述
Novell openSUSE是美国Novell公司的一套基于Linux的自由操作系统。mysql-community-server package是其中的一个数据库安装包。openSUSE Leap是openSUSE的一个版本。Novell openSUSE的mysql-community-server和mariadb中的mysql-systemd-helper脚本存在安全漏洞。本地攻击者可通过列出进程及其参数利用该漏洞发现数据库证书。
解决建议
目前厂商已经发布了升级补丁以修复此安全问题,补丁获取链接:https://www.suse.com/support/update/announcement/2016/suse-su-20160296-1.html
参考链接 |
|
|---|---|
| http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00015.html | |
| http://lists.opensuse.org/opensuse-updates/2016-02/msg00039.html | |
| http://lists.opensuse.org/opensuse-updates/2016-02/msg00050.html | |
| https://bugzilla.suse.com/957174 | |
| https://www.suse.com/support/update/announcement/2016/suse-su-20160296-1.html |
受影响软件情况
| # | 类型 | 厂商 | 产品 | 版本 | 影响面 | ||||
| 1 | |||||||||
|---|---|---|---|---|---|---|---|---|---|
| 运行在以下环境 | |||||||||
| 系统 | opensuse | leap | 42.1 | - | |||||
| 运行在以下环境 | |||||||||
| 系统 | opensuse | opensuse | 13.2 | - | |||||
| 运行在以下环境 | |||||||||
| 系统 | opensuse_13.2 | libmysqlclient18 | * |
Up to (excluding) 5.6.28-2.17.1 |
|||||
| 运行在以下环境 | |||||||||
| 系统 | opensuse_13.2 | libmysqlclient18-32bit | * |
Up to (excluding) 5.6.28-2.17.1 |
|||||
| 运行在以下环境 | |||||||||
| 系统 | opensuse_13.2 | mariadb | * |
Up to (excluding) 5.6.28-2.17.1 |
|||||
| 运行在以下环境 | |||||||||
| 系统 | opensuse_13.2 | mariadb-client | * |
Up to (excluding) 5.6.28-2.17.1 |
|||||
| 运行在以下环境 | |||||||||
| 系统 | opensuse_13.2 | mariadb-errormessages | * |
Up to (excluding) 5.6.28-2.17.1 |
|||||
| 运行在以下环境 | |||||||||
| 系统 | opensuse_13.2 | mariadb-tools | * |
Up to (excluding) 5.6.28-2.17.1 |
|||||
| 运行在以下环境 | |||||||||
| 系统 | opensuse_Leap_42.1 | libmysqlclient18 | * |
Up to (excluding) 10.0.22-3.1 |
|||||
| 运行在以下环境 | |||||||||
| 系统 | opensuse_Leap_42.1 | libmysqlclient18-32bit | * |
Up to (excluding) 10.0.22-3.1 |
|||||
| 运行在以下环境 | |||||||||
| 系统 | opensuse_Leap_42.1 | mariadb | * |
Up to (excluding) 10.0.22-3.1 |
|||||
| 运行在以下环境 | |||||||||
| 系统 | opensuse_Leap_42.1 | mariadb-client | * |
Up to (excluding) 10.0.22-3.1 |
|||||
| 运行在以下环境 | |||||||||
| 系统 | opensuse_Leap_42.1 | mariadb-errormessages | * |
Up to (excluding) 10.0.22-3.1 |
|||||
| 运行在以下环境 | |||||||||
| 系统 | opensuse_Leap_42.1 | mariadb-tools | * |
Up to (excluding) 10.0.22-3.1 |
|||||
| 运行在以下环境 | |||||||||
| 系统 | sles_12 | libmysqlclient18 | * |
Up to (excluding) 10.0.27-12 |
|||||
| 运行在以下环境 | |||||||||
| 系统 | sles_12_SP1 | libmysqlclient18 | * |
Up to (excluding) 10.0.22-3.1 |
|||||
| 运行在以下环境 | |||||||||
| 系统 | sles_12_SP1 | libmysqlclient18-32bit | * |
Up to (excluding) 10.0.22-3.1 |
|||||
| 运行在以下环境 | |||||||||
| 系统 | sles_12_SP1 | mariadb | * |
Up to (excluding) 10.0.22-3.1 |
|||||
| 运行在以下环境 | |||||||||
| 系统 | sles_12_SP1 | mariadb-client | * |
Up to (excluding) 10.0.22-3.1 |
|||||
| 运行在以下环境 | |||||||||
| 系统 | sles_12_SP1 | mariadb-errormessages | * |
Up to (excluding) 10.0.22-3.1 |
|||||
| 运行在以下环境 | |||||||||
| 系统 | sles_12_SP1 | mariadb-tools | * |
Up to (excluding) 10.0.22-3.1 |
|||||
| 运行在以下环境 | |||||||||
| 系统 | suse | linux_enterprise_desktop | 12 | - | |||||
| 运行在以下环境 | |||||||||
| 系统 | suse | linux_enterprise_server | 12 | - | |||||
| 运行在以下环境 | |||||||||
| 系统 | suse | linux_enterprise_software_development_kit | 12 | - | |||||
| 运行在以下环境 | |||||||||
| 系统 | suse | linux_enterprise_workstation_extension | 12 | - | |||||
| 运行在以下环境 | |||||||||
| 系统 | suse_12_SP1 | libmysqlclient18-32bit | * |
Up to (excluding) 10.0.22-3.1 |
|||||
- 攻击路径 本地
- 攻击复杂度 复杂
- 权限要求 无需权限
- 影响范围 有限影响
- EXP成熟度 未验证
- 补丁情况 官方补丁
- 数据保密性 无影响
- 数据完整性 无影响
- 服务器危害 无影响
- 全网数量 100
还没有评论,来说两句吧...