受此漏洞影响的 Ubuntu 版本包括
Ubuntu 6.06 LTS 、Ubuntu 7.10、 Ubuntu 8.04 LTS
详细的版本组合如下:
Ubuntu 6.06 LTS: mysql-server-5.0 5.0.22-0ubuntu6.06.11
Ubuntu 7.10: mysql-server-5.0 5.0.45-1ubuntu3.4
Ubuntu 8.04 LTS: mysql-server-5.0 5.0.51a-3ubuntu5.4
详细的漏洞描述:
1. 合法用户可以通过 DATA DIRECTORY 和 INDEX DIRECTORY 两个命令参数来覆盖掉已存在的表的数据目录(CVE-2008-2079, CVE-2008-4097 and CVE-2008-4098)
2. It was discovered that MySQL did not handle empty bit-string literals properly. An attacker could exploit this problem and cause the MySQL server to crash, leading to a denial of service. (CVE-2008-3963)
暂无更多评论