漏洞信息详情
MySQL DataDir参数本地缓冲区溢出漏洞
- CNNVD编号:CNNVD-200210-259
- 危害等级: 中危
- CVE编号: CVE-2002-0969
- 漏洞类型: 其他
- 发布时间: 2002-10-11
- 威胁类型: 本地
- 更新时间: 2019-10-24
- 厂 商: mysql
- 漏洞来源: Discovery credited...
漏洞简介
Oracle MySQL是美国甲骨文(Oracle)公司的一套开源的关系数据库管理系统。
Win32平台上MySQL守护程序(mysqld) 3.23.50之前版本以及4.0 beta 4.02之前版本存在缓冲区溢出漏洞。本地用户可以借助my.ini初始化文件中的超长\"datadir\"参数执行任意代码,该漏洞在Windows上的许可允许完全控制Everyone组群。
漏洞公告
The vendor has address this issue in the latest versions of MySQL. Users are urged to upgrade to the latest version of MySQL:
MySQL AB MySQL 3.23.49
MySQL AB MySQL 3.23.52
http://www.mysql.com/downloads/index.HTML">
http://www.mysql.com/downloads/index.HTML
MySQL AB MySQL 4.0.3
http://www.mysql.com/downloads/index.HTML">
http://www.mysql.com/downloads/index.HTML
MySQL AB MySQL 4.0 .0
MySQL AB MySQL 4.0.3
http://www.mysql.com/downloads/index.HTML">
http://www.mysql.com/downloads/index.HTML
MySQL AB MySQL 4.0.1
MySQL AB MySQL 4.0.3
http://www.mysql.com/downloads/index.HTML">
http://www.mysql.com/downloads/index.HTML
参考网址
来源:http://nvd.nist.gov/nvd.cfm?cvename=CVE-2002-0969※http://www.securityfocus.com/bid/5853
链接:无
来源:XF
链接:http://www.iss.net/security_center/static/10243.php
来源:BUGTRAQ
链接:http://marc.info/?l=bugtraq&m=103358628011935&w=2
来源:VULNWATCH
链接:http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0004.HTML
来源:MISC
链接:http://www.westpoint.ltd.uk/advisories/wp-02-0003.txt
来源:CONFIRM
链接:http://www.mysql.com/documentation/mysql/bychapter/manual_News.HTML#News-3.23.x
来源:BID
链接:https://www.securityfocus.com/bid/5853
受影响实体
- Mysql Mysql:4.0.1
- Mysql Mysql:4.0.0
- Mysql Mysql:3.23.49
补丁
暂无
评论